Why the Omnibus Rule is good for your practice
The ability to glean the silver lining in federal regulations can be challenging for even the most terminal of optimists. Believe it or not, however, the Omnibus Rule actually provides a sorely needed and considerable benefit to small and large medical organization alike. It’s an often overlooked and misunderstood area of the rule relating to Business Associates. To state it succinctly, if managed properly, a Covered Entity can shift liability to their Business Associates. Let’s look at how it works and what you need to do in order to benefit from this risk insulation.
The Omnibus Rule introduced the legal concept of agency. Agency in law has existed for decades and has been extensively tried and tested. Prevalent in many other industries, the formal introduction into the HIPAA enforcement came within the Omnibus Rule. A common use of agency is in real estate, where agents work for their brokers under agency laws. In short, the broker is liable for the behavior of the real estate agent. In the real estate industry, it’s assumed the agent is acting on behalf of, and with guidance from, the real estate broker. By contrast, someone acting independently of another, as in the case of an independent contractor, is held liable for their own actions. While the hiring party may still be exposed, the independent contractor will typically bear the brunt of the enforcement efforts.
However, just because it’s now formally part of the business associate relationship doesn’t mean it will automatically apply in all cases. While the majority of your business associates can be considered independent contractors, how you treat them is a key factor in determining their true legal status.
It’s important for practice administrators to have a basic understanding of how agency law works in order to benefit from its protections. Below are two graphs that depict the chain of liability depending on whether your business associate is an agent or an independent contractor.
Here are five questions you can use to determine if your relationship with your business associate crosses over into an agency relationship:
- Do you exercise control over the details of the work performed by your business associate (if a lot, leans toward agency; if not much, leans toward independent contractor)?
If you outsource your billing, how closely you manage that relationship could threaten the independent contractor classification.
- Is your business associate is engaged in a distinct occupation or business (if no, leans toward agency; if yes, leans toward independent contractor)?
An example of this would be hiring a temporary worker for administrative duties. You may document them and treat them as an independent contractor, but they may in fact be deemed to be an agent of your practice since the work they’re doing may require considerable oversight and is not unique to a specific profession, like medical billing.
- Do you provide the tools and supplies used in the work and the place in which to perform it (if yes, leans toward agency; if no, leans toward independent contractor)?
- Do you have regularly scheduled meetings in which they must attend and are they required to keep regular hours (if yes, leans toward agency; if no, leans toward independent contractor)?
- Is your business associate paid by the job or by the time worked (if the latter, leans toward agency; if the former, leans toward independent contractor)?
Understanding basic principles of the agency versus independent contractor relationship can make the difference between a breach by your vendor escalating to your responsibility or remaining at the business associate level. As a general rule of thumb, if you’re micro-managing a business associate, you may be crossing into an agency relationship. It’s important to contact an attorney with HIPAA experience if you’re undecided about the potential classification of one of your vendors.