Payroll company introduces HIPAA compliance service
Office for Civil Rights (OCR) is authorized to fine employers $100 to $50,000 per violation.
A payroll company is providing a new service for employers.
Portage-based BASIC rolled out a new HIPAA compliance service. The aim of the new service is to help employers remain in compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule.
The act, which was established in 1996, is meant to protect the privacy and security of health information.
According to Jen Helmholdt, BASIC’s director of compliance services, the new service is supposed to help employers understand the HIPAA requirements and activities necessary to maintain compliance.
“During our web-based compliance training, the employers’ privacy and security officer(s) and other staff who work with PHI (protected health information)/IIHI (individually identifiable health information) will participate in four vital HIPAA e-learning courses,” she said. “Clients will also receive BASIC’s comprehensive e-compliance manual, which includes critical HIPAA policies, procedures, employer postings and forms needed to safeguard the employer.”
Prior to the new HIPAA compliance service, Lindsey Wood, director of marketing and business development, said the company offered all of its broker partners and clientele access to its educational blog, webinars and company newsletter, so they could make well-informed decisions about their HR benefits, compliance and payroll needs.
According to BASIC, the Office for Civil Rights (OCR) is authorized to fine employers $100 to $50,000 per violation for an accidental HIPAA violation. If the data breach is found to be deliberate, with intent to sell, transfer or use the information for commercial advantage, personal gain or malicious harm, the Department of Justice can fine employers up to $250,000 per violation, plus time served in jail (up to 10 years).
“With HIPAA violations and enforcement on the rise, now is the ideal time to provide employers with a comprehensive, easy-to-manage service designed to help them manage their HIPAA responsibilities and protect them from the liability associated with HIPAA violations,” said Rob Hayes, president of BASIC.
Wood said the last set of major HIPAA updates occurred in 2013 with the introduction of the HIPAA omnibus final rule.
That rule gives patients the opportunity to get a copy of their electronic medical record, and patients who pay for their medical bills out of pocket can ask that their information be kept private from their health plan, per the U.S. Department of Health and Human Services OCR.
The rule also sets limits on how information is shared for marketing and fundraising, prohibits the sale of information without authorization, and makes business associates liable under HIPAA for safeguarding protected health information, among other requirements.
“While it’s been almost six years since the last major HIPAA updates were enforced, changes in the near future are expected due to advances in technology within the workplace,” Wood said. “Major HIPAA updates place a significant burden on employers to ensure their policies and procedures remain compliant with the changes. With the Department of Health and Human Services (HHS) increasing their HIPAA audit program, it’s best practice for employers to take preventive measures.”