[ Wednesday, March 27, 2002 ]
Consultants to the Rescue
. A client asked me whether a consultant could contract with covered entities to provide all of the HIPAA hoo-ha (form policies and procedures, a privacy officer, staff training, safeguards against disclosures), especially the administrative requirements of Section 164.530. I don't see why not. The commenatary about 164.530 specifically says "person" includes entities, so your privacy officer could be a corporate entity (all right, the commentary was talking about a "person" who could rat out a covered entity for HIPAA violations, but if an entity can rat you out, an entity can help you out too). There are businesses like CT Corporate Services that provide corporations with all kinds of services like registered agents and registered offices, so a corporation can conduct business in a state and have CT take care of all of the formalities. Why not a HIPAA corporation that takes care of a covered entities HIPAA formalities? OK, it may be hard for the HIPAA consulting corporation to make policies and procedures that jibe with the covered entities day-to-day operations, but it could be done. Sounds like a good potential business opportunity. . . .
Jeff [11:05 PM]
Blogger: HIPAA Blog - Edit your Template