The Joint Commission on Accreditation of Healthcare Organizations is exploring the possibility of joining an effort by the National Committee for Quality Assurance to set standards for certifying business associate agreements for HIPAA privacy compliance, the two organizations said Thursday.
The not-for-profit healthcare quality watchdogs say they signed a letter of intent to "explore a possible collaboration" on a privacy certification program for business associates. Healthcare entities subject to HIPAA privacy regulations must sign privacy protection agreements with all business partners that handle personally identifiable healthcare information.
NCQA had issued draft standards for privacy certification of business associates in December, relating to protection of oral, written and electronically transmitted protected health information; processes for use and disclosure of such data; and employee training.
JCAHO, the nation's largest hospital accreditation body, served on the advisory committee that produced the draft.
"It's a natural area of interest for both of us," NCQA spokesperson Brian Schilling says.
He says that Washington-based NCQA and Oakbrook Terrace, Ill.-based JCAHO will be "working very hard" over the next 45 days to hammer out details of a final set of standards, set for release in May.
Covered healthcare entities must be in compliance with HIPAA privacy regulations by April 14, but previously effective agreements between business associates do not have to be revised to meet federal privacy mandates for up to a year past that date.