By: Stephen Siegel
An ACO might be a HIPAA Covered Entity, a Business Associate, or both. Unlike the waivers to the Federal health care programs’ Kickback Prohibition and the so-called Stark Law for arrangements that further the MSSP’s “triple aim”, neither the OIG, CMS, nor the HHS Office of Civil Rights has granted any relief for ACOs from the requirements of HIPAA-HITECH. ACOs, therefore, need to take care to ensure that they and their participating providers exchange protected health information in compliance with these obligations.