Risk and Security LLC

Risk Assessments, Training and More



Why HIPAA Compliance is Related to Federal Contracts

Most healthcare organizations take Federal money, whether it’s reimbursement for Medicare services, a federal grant for providing special care or even addiction treatments, participation in an NIH trial, or grant money for research.

If your organization is part of state government, county government or even city government, your organization probably takes federal money too.

When the hospital, clinic or treatment center gets that Federal check, they have to first sign a contract saying they verify that they are in compliance WITH ALL FEDERAL LAWS, RULES AND GUIDELINES.  In the old days, this may have meant that you didn’t discriminate in your hiring policies, or that you complied with the Americans with Disabilities Act (ADA), or that you complied with federal reporting requirements, like for a GSA Contract, or for billing protocols.

But HIPAA is also a law, and a Federal Rule, and so when you signed that contract, you attested, or ‘represented’ that your organization was in compliance with all the HIPAA laws and rules, too.

I recently talked to a CEO of a large hospital that, as a Level 1 trauma center, received millions of dollars each year from the Federal government – and he wasn’t aware of their HIPAA status!  He didn’t know if a HIPAA risk analysis had been done (it hadn’t), or whether they had amended all their business associate agreements (hadn’t even started), and also had no idea that some of these HIPAA Rules had elements that needed to be formally approved by the Board.

If you’re the HIPAA Compliance Officer, the Privacy Officer, the Information Security Officer, or hold any functional title that means the HIPAA buck stops with you, you need to explain this to your manager or director.  This will get any administrator’s attention, because they don’t want to have to give any of that money back, and they also don’t want to get into a lawsuit over a compliance issue.

So keep talking about that HIPAA Compliance deadline of September 23, 2013, and you’ll get the support you need, and maybe the budget you need to keep all your HIPAA activities in full swing!