Are you a technology vendor to healthcare players in the United States? If so, there’s a very good chance you’ve been asked by your client to be HIPAA compliant and to sign a business associate agreement (a “BAA”). If, however, you’re not sure whether your organization is, in fact, HIPAA compliant, now is the time to take steps to address that potential compliance gap.

The Health Insurance Portability and Accountability Act (aka “HIPAA”), a federal law, was enacted by the United States Congress in 1996 to safeguard US-based individuals’ protected health information (aka “PHI”). HIPAA identifies two primary parties tasked with protecting PHI. The first party is known as the covered entity. Covered entities are a select group consisting of health care providers ranging from hospitals to individual doctors, insurance companies, billing companies and more.

The second party is the business associate, or any non-healthcare company providing services to a covered entity with access to PHI. Business associates today span broad and diverse verticals, such as IT and enterprise software, cyber-security, big data analytics, AI developers, and so much more.

 

Why should you consider HIPAA compliance?

HIPAA mandates that covered entities may only work with business associates that are HIPAA compliant if the work requires the exchange of PHI. If you are a company seeking to provide services to a covered entity, you must have a HIPAA program in place before signing a BAA, as most BAAs presume the signing party is already HIPAA compliant. Not having such a program can result in both a HIPAA violation and a breach of the BAA.

In Israel, the number of technology companies providing services to covered entities in the United States continues to grow rapidly. Whether these companies intend to keep the PHI state-side or transmit the data back to Israel, all of them are required to be HIPAA compliant in order to provide services that may include or require the vendor having access to PHI. Any business associate providing services to a covered entity without being HIPAA compliant risks large fines of hundreds of thousands or even millions of dollars, whether those fines are imposed on the business associate directly or on the covered entity for having engaged a service provider that isn’t HIPAA compliant. By way of illustration, Anthem Health, one of the largest U.S.-based health insurers, was fined $16 million in 2018 over HIPAA violations that affected over 70 million Americans, and Cottage Health has been fined twice (once in 2018 and a second time in 2019) for $3 million as a result of various HIPAA violations. Thus, it is vitally important that you ensure your organization is compliant before entering into a contract with a covered entity that mandates HIPAA compliance.

 

How can Greenberg Traurig Tel Aviv help your company?

GT is one of the few law firms in Israel, if not the only one, that provides HIPAA legal counseling for Israeli technology companies. Through our proven systems and processes, we’ve successfully assisted many companies, both large and small, to achieve the requisite compliance that has enabled them to participate and become active players in the US healthcare system. GT has a track record of building tailor-made HIPAA compliance programs for some of Israel’s largest multi-national organizations, as well as early-stage start-ups, thereby enabling them to enter and transact in the US healthcare marketplace.

We use our knowledge of the latest HIPAA regulatory developments and our experience of counseling Israeli technology companies to identify and bridge critical compliance gaps. Our full service starts by analyzing the company’s operational landscape and identifying where and who within the company may come into contact with PHI. We then support the company in drafting policies and procedures, completing documentation, and finally training its workforce, which is key to HIPAA compliance.

Entering the US healthcare system is a key goal for many Israeli technology companies, but HIPAA can prove to be a complex and costly barrier. With Greenberg Traurig’s support, HIPAA compliance can be achieved cost-effectively and efficiently, thereby enabling you to reach your goals. Look us up today.