Auditor for a health plan - Business Associate?

[Guest cstrong]

The auditor of our health plan insists they need claims info. to complete the Form 5500. Accordingly, we asked them to sign a BAA, but they are only willing to sign a confidentiality agreement (which doesn't meet the requirements of a BAA). Has anyone run into this problem? I can't think of an exception to HIPAA for an auditor. Thank you in advance.

[French]

We had out auditors sign a BAA in 2004 before they began auditing our health plan for 2003. We had no resistance from them though there were several versions of the BAA before final signatures obtained.

[BeckyMiller]

The AICPA employee plans web page has some information on the auditors duties with respect to such agreements. See http://ebpaqc.aicpa.org/Resources/Health+a...+Agreements.htm

The negotiating of what the auditor can sign is a major issue for most health plan audit engagements. This should be covered during the planning phases of the work. But, even when it is done there, individual claims administrators may change policies and ask for other documents.

Sponsors need to know that the testing of claims data is a required audit procedure and one that the DOL has recently focused upon in their evaluation of the competency of plan auditors.