HIPAA Security Requirements For Medicare Trading Partners
A/B MACs, DME MACs, CEDI, and other entities contracting directly with CMS are considered service providers to CMS. As such, these entities are part of CMS’ system security boundary, must comply with the Federal Information Security Management Act (FISMA), and are subject to CMS security policies. Covered entities, trading partners, and business associates not contracting as service providers to CMS are outside the CMS system security boundary and are not considered FISMA entities. These entities must comply with the mandates of the HIPAA Privacy and Security Rules as well as the mandates defined in ARRA/Health Information Technology for Economic and Clinical Health (HITECH).
A trading partner submitting an EDI Enrollment Agreement attests that it has executed Business Associate Agreements (contracts), as mandated by HIPAA and ARRA/HITECH, with each of its business associates. Moreover, the trading partner attests that it has full responsibility, as mandated by HIPAA and ARRA/HITECH, for notification of breaches of protected health information caused by the trading partner or its business associates.