Firm Announces Toolkit for Tech Companies to Prepare for HIPAA Compliance Audits in 2018
December 4, 2017
Please contact Joseph M. Miller, attorney with Shuttleworth & Ingersoll, for more information.
Cedar Rapids, Iowa—In response to increased enforcement activity and attention on business associates and the growing need of technology companies to understand their obligations as service-providers to health care entities, Shuttleworth & Ingersoll has developed a packaged solution of legal services called the HIPAA Business Associate Toolkit. Businesses that provide services directly or indirectly (as subcontractors) to health care entities and create, receive, maintain or transmit the health information of their patients (known as “protected health information” or “PHI”), are subject to a set of complex rules governing privacy, security, and data breaches. These health care vendors are known as “business associates” as defined by HIPAA. For these companies, the challenge of navigating the rules, not to mention a new regulatory vocabulary, can be daunting. Regulatory audits are now focusing greater attention directly on business associates, and Department of Health and Human Services recently stated that even companies that store and/or process encrypted PHI without an access key, including cloud service providers, are considered business associates. The HIPAA Business Associate Toolkit is designed to provide your businesses with the tools they need to comply with HIPAA and understand how to safeguard against, assess the risk of, and respond to breaches of PHI. Recently, one example of a business associate’s failure to implement basic safeguards resulted in a settlement with the OCR for $650,000 after the theft of an unencrypted iPhone compromised PHI of hundreds of nursing home residents. Joseph M. Miller is an attorney with Shuttleworth & Ingersoll who represents companies and individuals in matters relating to business and healthcare. Miller has led the initiative within the firm in an effort to satisfy this growing demand and simplify the process for businesses. “It is an exciting time for businesses looking to or already providing services in the health care space. It is also a time when business associates are no longer able to “fly under the radar”, so to speak, of federal regulators. This toolkit takes these companies through an often overwhelming process in a cost- and time-efficient manner,” said Miller. Bill Daly is an attorney with Shuttleworth & Ingersoll who works with early-stage companies, including many tech-based startups. For these startups, winning business in the health care industry comes with a complicated set of responsibilities. “Taking on a health care provider as a client requires a specific set of policies and procedures for technology companies. Any service provider that works with medical data should prioritize privacy and security. There’s no room for mistakes, no matter the size of your company,” said Daly. The HIPAA Business Associate Toolkit includes the following components, all available for a fixed fee depending on the needs of the client: Policy templates addressing a business associate’s obligations under HIPAA’s Privacy and Breach Notification Rules.Policy templates addressing each of the approximately 20 HIPAA standards under the HIPAA Security Rule.A checklist for reviewing business associate agreements received from clients.A step-by-step breach analysis worksheet.Up to two hours of individualized advice concerning policies and forms and necessary changes to your existing policies and procedures.Additional services will be available on an hourly basis.The HIPAA Business Associate Toolkit will be available as of December 4, 2017, for a fixed fee. Please contact Joseph M. Miller at jmm@shuttleworthlaw.com for more information. About Shuttleworth & Ingersoll, P.L.C.Shuttleworth & Ingersoll, P.L.C. is a multi-specialty law firm based in Cedar Rapids, Iowa with clients throughout the Midwest and nationally. Established in 1854, the firm has grown to become one of Iowa’s largest firms with nearly 50 talented and experienced lawyers who provide a full-range of health care, business, litigation, family, and intellectual property legal services. Using a collaborative, team-based approach, Shuttleworth & Ingersoll is able to provide innovative, cost-effective solutions to client problems. For more information, visit shuttleworthlaw.com.