By sending claims outside of the U.S. for processing, state Medicaid agencies are increasing the risk of compromising beneficiaries' protected health information, according to a report from HHS' Office of the Inspector General.
Of the country's 56 Medicaid agencies, 11 allow administrative functions to be outsourced offshore, and seven currently engage in the practice. These agencies require business associate agreements with contractors to remain HIPAA-compliant, but many do not have any additional rules to ensure the security of health information.
Privacy and security risks are heightened when claims are sent out of the U.S. as many countries have more limited privacy laws and may not have the resources or ability to enforce BAAs, according to the report.
More Articles on PHI:
University Urology Notifies 1,144 Patients Their PHI Was Provided to a Competing Provider
10 Necessary Components of a HIPAA Business Associate Agreement
5 Tips For Protecting Patient Information & Responding to Healthcare Data Breaches