By William D. Dyer

Here is a short list of reasons why compliance is not optional for CE’s and BA’s:
1. HIPAA and HITECH requirements are laws, currently in effect, and CE’s and BA’s must be compliant with them right now.

2. The HHS has hired more auditors to actively review CE’s and BA’s for HIPAA and HITECH compliance.

3. The HHS has increased enforcement activities.

4. HITECH SIGNIFICANTLY increased possible sanctions and penalties.

5. State Attorney Generals are actively enforcing HIPAA and HITECH compliance.

6. Civil actions have already been filed.

7. Lawsuits have already been brought about for HIPAA violations because of poor safeguards and inadequate information security and privacy programs.

8. Lawsuits can result in heavy financial compensation payments that can put your business out of business.

9. ARRA funds require not only the risk assessment, but also actions to address risks; e.g., implement policies, procedures, and an effective and appropriate program.

10. Breach pain can include:
• fines, penalties and sanctions
• likely audit
• brand lessens in value
• bad press
• loss of clients, customers and patients
• lawsuits
• loss of insurance coverage and/or increased insurance premiums
• loss of ARRA funds
• loss of health plan contracts

11. Your own employees can report you under the whistleblower laws.

12. If you sign a BA agreement and you have not made a good effort to be compliant prior to signing the agreement you may be guilty of willful neglect, and be subject to criminal prosecution fines, as well as breach of contract.

The antecedent was garnered from correspondence with Rebecca Harold, the nation’s leading privacy, HIPAA, and HITECH expert.
HCP National provides risk management and training as it relates to insurance exposures. We are not in the practice of law or accounting. We are insurance brokers and risk consultants.

Most HMO’s, non staff model, get sued for medical malpractice via vicarious liability. This means the patient perceives that the HMO employs the doctor, or at least vets the doctors they provide. So if something goes wrong the plaintiff’s counsel sues the doctor and the HMO since it is perceived that the doctor is an agent of the HMO, and therefore, the HMO is responsible for the doctor’s actions.

1. Do not advertise that this hospital or medical group is a provider of XXX HMO. Also, do not advertise in the doctor’s office. The more you advertise that a provider is yours the greater the likelihood the patient will feel the same and sue you and the provider.

2. Make sure that the medical groups and IPA’s have adequate Errors and Omissions and Directors and Officers insurance and ask for proof of coverage. If the IPA or medical group gets named with you, you want to make sure that it has real insurance and that you and the HMO are not the only ones with coverage.

3. Make sure your credentialing is very tight and that you get proof of medical malpractice insurance for all MD’s that you contract directly with and/or indirectly via a group or IPA. Make sure that they are insured with $1 million-$3 million limits with “A” rated insurer or higher (AM Best). Some doctors purchase insurance from weak insurers or risk retention groups. If they make an error and you get named with them, again, you do not want to be the only one with coverage who responds.

4. Make sure you hold harmless agreements with the providers you contract with, providers and hospitals alike.

5. Educate the public that the providers are independent and not your employees. Put in your provider directories that all providers and hospitals are independent businesses not employed by your HMO.

HCP National provides risk management and insurance to the health care industry and others. We are experts in health care insurance, D&O and E&O insurance, Group Medical Malpractice Insurance, HMO reinsurance, provider stop loss insurance and all other insurance coverages. This is not legal advice. This is only a risk management tool. Always review all risk management tactics with your attorney prior to implementation.

NOTE: THE ABOVE IS A GENERAL DISCUSSION ABOUT HOW COVERAGES MAY WORK. YOUR INSURANCE POLICY AND ALL ADDENDA ARE THE ONLY AUTHORITY OF HOW YOUR COVERAGE WORKS. DO NOT RELY ON THIS ARTICLE AS AN EXPLANATION OF YOUR COVERAGE. HAVE YOUR ATTORNEY REVIEW YOUR ENTIRE POLICY WITH YOU TO DETERMINE WHAT IS AND ISN’T COVERED.