1 (805) GET-AQUA | 1.805.438.2782

HIPAA Summary

All Misc HIPAA Summary

HIPAA Summary

What an interpreting agency should know about HIPAA

HIPAA for Interpreting Agencies

February 3, 2017 by Eric

We want to provide the best services possible for interpreting agencies. In our quest to accomplish that we have worked with many individuals and entities. This document serves to provide lessons learned to interpreting agencies.

Our Compliance

Let us start by stating we are HIPAA compliant. Just because we are doesn't mean your agency is too. We meet all regulation requirements regarding the security and protection of an individuals health care information. For you to comply there are some things the agency should understand which is covered by the rest of the article.

Summary of the HIPAA Security Rule (U.S. Department of Health & Human Services)

PHI: (Protected Health Information)

The clearest definition from a government source has been the following.

The Privacy Rule defines PHI as individually identifiable health information, held or maintained by a covered entity or its business associates acting for the covered entity, that is transmitted or maintained in any form or medium (including the individually identifiable health information of non-U.S. citizens). This includes identifiable demographic and other information relating to the past, present, or future physical or mental health or condition of an individual, or the provision or payment of health care to an individual that is created or received by a health care provider, health plan, employer, or health care clearinghouse. For purposes of the Privacy Rule, genetic information is considered to be health information.

The legal definition we've found vague as defined in Public Welfare (45 CFR 160.103).

Protected health information means individually identifiable health information:
  1. Except as provided in paragraph (2) of this definition, that is:
    1. Transmitted by electronic media;
    2. Maintained in electronic media; or
    3. Transmitted or maintained in any other form or medium.
  2. Protected health information excludes individually identifiable health information:
    1. In education records covered by the Family Educational Rights and Privacy Act, as amended, 20 U.S.C. 1232g;
    2. In records described at 20 U.S.C. 1232g(a)(4)(B)(iv);
    3. In employment records held by a covered entity in its role as employer; and
    4. Regarding a person who has been deceased for more than 50 years.

Many agencies consider any information relating to a patient potentially PHI. We believe this is a misnomer. Cornell University defines health information as the following and haven't found anything with legal standing that says otherwise.

Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:

  1. Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and
  2. Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

Covered Entity: (Health care Provider)

The clearest definition from a government source has been the following.

A Covered Entity is one of the following: covered_entities

When Does An Agency Need To Comply?

First, let's determine whom HIPAA was meant for. The following quote is a clear definition for entities that are required to comply.

Who must comply with HIPAA privacy standards?

Answer:

As required by Congress in HIPAA, the Privacy Rule covers:

  • Health plans
  • Health care clearinghouses
  • Health care providers who conduct certain financial and administrative transactions electronically. These electronic transactions are those for which standards have been adopted by the Secretary under HIPAA, such as electronic billing and fund transfers.

These entities (collectively called “covered entities”) are bound by the privacy standards even if they contract with others (called “business associates”) to perform some of their essential functions. The law does not give the Department of Health and Human Services (HHS) the authority to regulate other types of private businesses or public agencies through this regulation. For example, HHS does not have the authority to regulate employers, life insurance companies, or public agencies that deliver social security or welfare benefits. See our business associate section and the frequently asked questions about business associates for a more detailed discussion of the covered entities’ responsibilities when they engage others to perform essential functions or services for them.

For an interpreting agency that means HIPAA is designed for health care providers. If the health care provider decides they need to present health care information to the interpreting agency then the health care provider will need to have a BAA between them, the covered entity, and you, their business associate. That isn't the end of the BAA needed, the following section is designed to clear the air of questions regarding BAA.

When BAA Is Needed

A HIPAA business associate agreement is needed when a health care provider (potentially an agencies customer) needs to provide health related information (not information to identify an individual) to the interpreting agency. It is the responsibility of health care provider to use their discretion on the necessity of the BAA. If a BAA is signed binding the health care provider to the interpreting agency then another BAA would be required binding Aqua Chroma (the company behind Aqua Schedules) and the interpreting agency. If a BAA is signed binding the interpreting agency with Aqua Chroma then a BAA is also needed between the interpreting agency and every interpreter who may see the health related information.

We don't mind retaining health information because security and privacy are our priorities. The following flowchart is designed to help you determine if BAA are needed for your agency.

covered_entities

The following flowchart is designed to help you understand the network of BAA agreements required for all entities to provide complete HIPAA coverage if a covered entity (health care provider) decides they need to provide the agency with health care information. Since interpreters are almost always considered by the agency as subcontractors they each would need a BAA agreement between them and the agency.

covered_entities
Please let us know if any source websites are updated and links no longer work or fails to contain the source information.

Tag Cloud

Agency Interpreter Requester All

Agency Tour
Interpreter Tour
Requester Tour

Appointment Fields
Billing Period
Day Grid
Day Visual
Distributing Appointments
Future
Month
Offer
Search
Timeline
Unassigned
Week

Billing Bundles
Billing Periodicity
Customer Billing
Interpreter Billing
Invoicing Explained
Tools Calculation
Tools Pending Validation
Tools Review

Consumers

Walkthrough
Billing Accounts
Billing Bundles
Isolate Requesters
Locations
Overview
QuickBooks Link

Google Calendar Access
Google Calendar Walkthrough

Current Availability
See All Interpreters
Time Off
Weekly Availability

Canceled Appointments
Message Log
New Appointments

Message Individual
Message Interpreters
Message Requesters
Messages

Link QBO Walkthrough
Customer Create
Customer Invoice
Customers Import
Customers Sync

Appointments By Customer
Appointments By Month
Appointments Created By Role
Customer Profit Pie
Language Pie
Overview
Status Pie
Top 10
Work Week Pie

Documents
Links

Agency Verification
Bonus to Travel Time
Cell Carrier
Cell Phone
Claims Work
Collect Actual Start/End
Custom Fields
Enable QuickBooks Online
Hide When Available
Homepage
Interpreter: Gender
Interpreter: Minimum Time
Requester: Message Interp
Requester: Select Interp
Splash Pages
Status
User Email
User Name

Agency Cell Phone
Agency Email
Agency Footer Message
Agency Mailing Address
Agency Phone Number
Agency Title

Active Appts In The Past
Appointment Documents
Client Reference
Default Category
Default Language
Digital Signatures
Maximum Duration
New Appts Active
Show All Languages

Badges
Categories
Client Calls
Enable Regions
Interpreter: Creates Appts
New Assigned to Self
Regions
Return Limit
Returns Work

Language

Twilio Walkthrough

Agency Users
Inactive Users
Interpreters
New Users
Requesters
User Roles

Getting Started

Available
Day Grid
Day Visual
Month
Overlap
Search
Timeline

Current Availability
Time Off
Weekly Availability

Billing
Complete Billing
Invoice

Message Log
Reports
Resources
Splash Page

Day
Future
Month
Review
Search
Timeline

Locations
Registration
Splash Page

Authorized Email List
Our Team Compact
Our Team Detailed
Unauthorized Users

Appointments By Interpreter
Appointments By Month
Appointments By Requester
Language Pie
Overview
Status Pie
Work Week Pie

Documents
Links

Appointment Defaults
Change Password
My Settings
Notification Settings
All

Misc

HIPAA Summary

What an interpreting agency should know about HIPAA

Read More

Password Security

An article on why passwords are important and how to keep passwords secure on behalf of the clients and patients.

Read More

Contact

Send us a text message to get started.

Text To Start

1 (805) GET-AQUA | 1.805.438.2782

Quick Links

Home YouTube Library Client Showcase Service Agreement Privacy Policy

Popular Links

Home Calculating Charges Link QBO HIPAA Summary

Aqua Schedules. All Rights Reserved. Marking Site Designed by HTML Codex