HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a 1996 U.S. legislation aimed at providing Americans with sustainable health insurance and reducing healthcare violations through strengthened laws and standards.

Under HIPAA Title II, healthcare organizations, alongside their business associates (i.e. outsourcing partners), must maintain compliance with health data security and privacy regulations established by U.S. Health and Human Services to safeguard proper handling of protected health information (PHI).

Ardentus employs a team of healthcare and allied professionals that have undergone training in HIPAA compliance. Each employee signs a HIPAA compliance agreement to certify their proficiency in handling sensitive patient information. Ardentus monitors HIPAA compliance on a continuing basis. Furthermore, we invest in continuous staff education and research into new regulations to maintain our full compliance with ever-changing industry standards.

PHI

Protected Health Information (PHI) is any type of information that reveals a patient/individual’s identity– generated, used and communicated for the purpose of delivering healthcare services. Collection, storage and disclosure of PHI in any manner or form (either physically or electronically) is closely regulated by law and shall strictly follow HIPAA compliance guidelines.

We continuously align with our internal processes to cover critical security and privacy regulations pertaining to the handling of PHI. All our staff are trained to follow work protocols and precautionary measures when working with confidential patient documents.

BAA

Business Associate Agreement (BAA)

A Business Associate is an individual or entity that carries out certain functions for a covered entity which involves the use and communication of protected health information in any manner or form.

Under HIPAA, business associates must sign a contract agreement (the BAA) with the covered entity to protect PHI in accordance with HIPAA security and privacy rules mandates. Business associate agreements must specify the BA’s responsibility, scope of work, specific PHI handling permissions, PHI security measures, and PHI violation reporting.

Our team values how sensitive your patient’s information is – Ardentus signs service contracts and business associate agreements with all our prospective clients prior to starting our service.

HITECH

The Health Information Technology for Economic and Clinical Health (HITECH) Act is a revision to HIPAA enacted in 2009 promoting and adapting to the emergence of new health information technology. Included in it are privacy and security provisions for the electronic transmission of health information.

Under the HITECH act, business associates are now subject to audits by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) and can be held accountable for data breaches and penalized for non-compliance with HIPAA mandates and other specifications indicated in the required Business Associate Agreement.

Ardentus strictly adheres to the most updated interpretations of HIPAA compliance guidelines– clients can rest assured that our team of professionals are equipped with the right knowledge in handling sensitive patient information with utmost confidentiality.

Taxation

Payments for non-US providers (either individual or entity), physically performing 100% of operations outside of the United States are considered foreign source, and are not subject to US reporting or withholding; thus, no form 1099 nor withholding is required.

An outsourcing provider just needs to complete and submit an IRS Substitute Form W-8 (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to the covered entity to certify their non-US status. Form W-8 need not be filed with the IRS– covered entities may keep it on file as a supporting document in case of audit.

Our team is ready to fill out an IRS Substitute Form W-8, alongside other necessary documents as part of our client compliance. We can also provide and answer an International Vendor Information Questionnaire to further certify Ardentus’ non-US entity status, which we would be happy to format and provide on your organization’s behalf.