NU Online News Service, Dec. 17, 9:55 a.m. – The National Committee for Quality Assurance, Washington, has released the draft of new standards for a Privacy Certification for Business Associates program.
The program would certify that health insurance company “business associates,” such as software vendors and disease management companies, meet the new federal personal health information privacy standards created to implement the Health Insurance Portability and Accountability Act of 1996.
HIPAA imposes harsh penalties for “covered entities” such as health insurers that fail to act when they are aware that personal health information is not adequately protected. HIPAA calls for covered entities to obtain “satisfactory assurances” from their business associates that personal health information is protected.
The NCQA certification program covers employee training; protection of oral, written and electronic health information; consumer access to health information; and contracting between covered entities and their business associates.
Under the draft standards, organizations undergoing a review could first assess whether they were ready for certification, then submit to a pass/fail review process.