|
Affinity Programs
Board of Directors
Committees
Interim Report
Member Advantage
Membership Directory
Other Points of Interest
Technical
Assistance Programs
HIPAA Business Associate
Agreements for Clients of CPA Firms
As a courtesy member service,
NCACPA is pleased to make available information about this new regulatory
requirement, including sample forms. This information was prepared by the
Smith Anderson law firm in Raleigh, which co-authored the American Medical
Association’s Field Guide to HIPAA Implementation (AMA Press 2002)
and HIPAA Policies and Procedures Desk Reference (AMA Press 2003).
If you provide services to a client who is a health plan, health care
provider, or health care clearinghouse, you may be a “business associate”
of that client under the HIPAA Privacy Rule, which imposed an initial
compliance date of April 14, 2003. If you create or receive any
individually identifiable health information in providing services to
these clients, the client may need to execute a “business associate
agreement” with you. Mike Hubbard who is employed with Smith Anderson,
spoke on HIPAA regulations at the Members in Industry Spring Conference.
If you provide services to a client who is a health plan, health care
provider, or health care clearinghouse, you may be a “business associate”
of that client under the HIPAA Privacy Rule which imposed a compliance
deadline of April 14, 2003 (April 14, 2004 for “small” health plans).
Entities covered by the HIPAA Privacy Rule are required to enter into an
agreement with their business associates (a “business associate
agreement”) whereby the business associate promises to do certain things
to maintain the confidentiality of the health information that it receives
in the course of providing its services. Your client will be required to
execute a business associate agreement with you if the following two
conditions exist:
• Your client is covered by the Privacy Rule (a “covered entity”).
• You create or receive “protected heath information” from or on behalf of
the client in providing services to the client.
For more information about executing business associate agreements with
covered entity clients, refer to the “CPA
Guide to HIPAA Business Associate Agreements.” A
Form Business Associate Agreement, a
Form Cover Letter for Business
Associate Agreement, and a
Business Associate Log are also provided for
your use.
For additional information, see
HIPAA Privacy Rule: New Requirements for
Law Firm Engagements which is an article from the June 2001 issue of the
North Carolina Bar Association’s publication, The Litigator. This article
addresses how the legal profession is affected by HIPAA.
For more general information about the HIPAA Privacy Rule, you may also
download the
Smith Anderson HIPAA Privacy Manual.
For more information contact:
Mike Hubbard or
Candice Murphy-Farmer
SMITH, ANDERSON, BLOUNT,
DORSETT, MITCHELL & JERNIGAN, L.L.P.
2500 Wachovia Capitol Center
Raleigh, North Carolina 27602-2611
Telephone: (919) 821-6656
Fax: (919) 821-6800
Email:
mhubbard@smithlaw.com
cmurphyfarmer@smithlaw.com
|
