Offshore Coding: HIPAA Risks

HIPAA Regulations

From a compliance exposure perspective, we believe that the HIPAA risk associated with sending PHI abroad is simply untenable.  HIPAA is an American law that does not extend beyond our borders.

The only way to ensure HIPAA protection abroad is to do so contractually via a BAA.  There is no regulatory authority abroad for the US Government to prosecute for violations of HIPAA.

Having a BAA in place with an offshore entity may afford you the appearance of contractual protections for the disposition of PHI; however, this can prove illusory.  If an offshore entity breaches its BAA with a healthcare provider, the only option for the Covered Entity to attain protection is to point to the Business Associate's contractual guarantees.

However, if the offshore entity does not have US assets, it can simply refuse to comply, and the only recourse left to the Covered Entity is to try to sue a foreign company.  This process is typically unsuccessful and, at the very least, costly and time-consuming.

The OIG will hold the Covered Entity responsible for the HIPAA breach.  On top of all of this, the countries in which offshore coding predominantly takes place are some of the world leaders in identity theft.

If your goal is to get cheaper offshore coding, that means the coders abroad are being paid low wages and will therefore have an incentive to appropriate PHI, which is far more valuable than their pay. 

All of these factors provide a greater risk than the possible savings afforded by cheap offshore coding.

——————————————————

Photo courtesy of: The Coding Network

Originally Published On: The Coding Network
