Okay — before we dig in, we want to put your mind at ease: we’re not going to use this newsletter to drone on about the finer points of the Health Insurance Portability and Accountability Act (HIPAA). If you’re not familiar with HIPAA, here’s the ten-second version: HIPAA is a federal law — passed in 1996 — that required the creation of national standards to protect sensitive health information from being disclosed without a patient’s consent or knowledge.
There are a lot of moving parts to HIPAA, but one of the biggest aspects is the HIPAA Privacy Rule. The Privacy Rule standards address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Privacy Rule. These individuals and organizations are called covered entities. One of the major goals of this rule is to ensure an individual’s health care information is properly protected while allowing for the flow of that information to provide and promote high-quality healthcare.
So, what does this have to do with Carex? Well, if healthcare organizations are covered entities under HIPAA, any partner or vendor to the organization is referred to as a business associate. Carex is a business associate to a number of healthcare organizations because of the role we play in hiring. When we sign a contract with a healthcare organization, we sign a business associate agreement. This may not seem like a big deal — business associates sign these agreements all the time.
However, signing the agreement isn’t enough. Business associates need to invest the time and money to actually be HIPAA compliant, which includes going through a specific series of prescribed actions, such as:
- Protecting our computers and hardware
- Protecting our data and our partners’ data, as well as their patients’ or members’ data
- Having documented processes
- Having a HIPAA Security Officer
- Establishing regular Security Risk Assessments (SRAs)
Carex is taking the time to go through all of these actions and become HIPAA-compliant (what can we say? We’ve always been extra — in a good way). We value our relationship with our partners — so much so that we’re investing the time and resources in this effort to be the best partners for you. We’ve hired a company that specializes in this type of compliance, and we’ve been working through our list of prescribed improvements with them. We’re several months into this process, and right now we’re at the point where we’re requiring all contractors that work with HIPAA-covered entities to take a customized training we’ve designed. Every contractor that takes that training will take an exam at the end to check for understanding. After these trainings are completed, we’ll receive a Letter of Attestation that we’ll be able to share with all of you.
“We wanted to take this one step further because this is important, full stop,” says Carex President and Co-Founder Casey Liakos, who has been the one driving this initiative at Carex (not to mention he’s our HIPAA Security Officer!). “We take the HIPAA Business Associate relationship seriously and want to play our part to make sure the data and the HIPAA compliance commitments that our partners have made are safe.”
If you have any questions about our efforts around HIPAA compliance, feel free to reach out to us here and we’ll make sure it gets to Casey. And, we’ll be sure to let our partners know when we receive our attestation letter!