Health Insurance Portability and Accountability Act of 1996 (HIPAA) as relates to the outsourcing and printing and mailing of patient statements, collection letters and HCFA Forms.
There must be a Business Associate Agreement in place.
On April 14, 2003, you will be required to meet the requirements of the HIPAA Privacy Rule. This Rule requires you, as a health care provider, to execute a business associate agreement with any vendor to whom you transmit your patients’ health information. Among other things, this agreement must require your business associate to use "appropriate safeguards" to prevent unauthorized disclosures of such information. Additionally, on February 20, 2003, the U.S. Department of Health & Human Services issued final Security Standards under HIPAA that become binding on you in April 2005. Among other things, these Security Standards impose more specific requirements on business associate agreements and the electronic transmission of patient health information. If you have a business associate agreement that you would like for Data Media to execute, please forward it to us. Or, as a service to our clients, we are happy to provide you with a business associate agreement that we have developed in consultation with our health care attorneys after reviewing the newly issued Security Standards.
Transmissions of Patient Billing Data must be secure.
The HIPAA Privacy Rule, which is effective April 14, 2003, also requires you to maintain "reasonable and appropriate administrative, technical and physical safeguards" to protect patient health information from unauthorized disclosure. The final Security Standards issued by the Department of Health & Human Services on February 20, 2003 impose more specific requirements for the protection of patient health information as it is transmitted electronically. These newly issued Security Standards do not become binding on health care providers until April 21, 2005. However, Data Media has already consulted with its health care attorneys to ensure that it offers its clients secure methods of transmitting their data to Data Media that comply with these Security Standards now. Data Media offers its clients a variety of secure, password-protected and encrypted alternatives to protect their billing data during transmission. If you have any concern about the security of your transmissions, you need only to contact us, and we will provide you with secure and encrypted methods of transmitting your billing data that fit the particular needs and characteristics of your practice.
HIPAA and Your Software Provider.
Your software provider may tell you that it cannot guarantee that you will comply with HIPAA unless you use its "approved" print and mail vendor to prepare your billing statements. The fact of the matter is that it is not up to your software vendor, nor is it their responsibility to guarantee compliance as it relates to the printing and mailing of your statements. The responsibility for complying with HIPAA rests with you, as the health care provider, not your software company. HIPAA does not require that you use any particular vendor for your print and mail services, nor does it require you to use any particular type of technology to secure your patients’ health information as it is transmitted to the vendor of your choice. Data Media offers you secure methods for the transmission of patient billing data that will comply with HIPAA.
If you should have questions or concerns about HIPAA as it relates to outsourcing the printing and mailing of your patient statements, collection letters or HCFA claims forms to Data Media, please do not hesitate to call us at 800/533-1640
