According to HIPAA regulations, a software/hardware product cannot be made "HIPAA-compliant." Compliance accountability rests solely with covered entities. Within the operational environments of those entities, compliance depends on policies and procedures that may require the support of IT capabilities to facilitate adherence to HIPAA guidelines. CareCentric’s commitment is to provide IT products and services that can help support covered entities in their pursuit of HIPAA compliance.

As a healthcare software and services vendor, CareCentric is considered a "Business Associate" for its customer base. As such, CareCentric is committed to maintaining its internal processes and procedures to ensure HIPAA compliance. This includes HIPAA-related training of its employees. CareCentric is also committed to providing the necessary software changes/enhancements to help its customers achieve HIPAA compliance within their businesses.

CareCentric's software applications have received approval for all four DMERCs and Fiscal Intermediaries for the 837 Institutional/Professional 4010 A1 format.

CareCentric faxed a standard BAA/privacy addendum to all its customers in June 2002. In February 2005, CareCentric faxed customers a standard Security Rule Amendment, which included the additional language required by the HIPAA Security Rule. If your organization signed the "original" standard BAA with CareCentric ("1448603v2" appears in the lower left-hand corner of the form), you need to be sure you also have a CareCentric-signed Security Rule Amendment. Otherwise, you may simply complete the revised BAA, which includes the additional security language. For more information or for a copy of the BAA, please email Nan Cedarblade.

For other questions or concerns, please contact Nan Cedarblade. Existing customers can also obtain additional information by contacting their customer support service center.

The Health and Human Services Web site provides extensive information on HIPAA.