Skip to content

Outsourcing Your QA Process: What You Need to Know


    Offshore outsourcing is a major step for your home health agency, but is it really legal?

    The answer is yes. Outsourcing offshore is totally legal. In fact, US legislation has passed specific regulations and clear guidelines for healthcare providers and their outsourcing partners. More US companies are leaning towards outsourcing their processes overseas, and the healthcare industry is no exception to it. Aside from significant cost savings, there are other notable benefits of outsourcing that your agency can take advantage of.

    We have summarized the key industry and technical aspects you should look into before finally deciding on the right outsourcing partner:


    The Health Insurance Portability and Accountability Act (HIPAA) is a 1996 US legislation aimed at providing Americans with sustainable health insurance and reducing healthcare violations through strengthened laws and standards.

    Under HIPAA Title II, healthcare organizations, alongside their business associates (i.e. outsourcing partners), must maintain compliance to health data security and privacy regulations established by the US Health and Human Services to safeguard proper handling of protected health information (PHI).

    Founded and managed by our American CEO Laurice Alaan Chiongbian, Qavalo employs a team of registered nurses and therapists that have undergone trainings for HIPAA compliance. Each employee signs a HIPAA compliance agreement to certify their proficiency in handling sensitive patient information. All QA and coding work is done on site, and Qavalo does not employ any remote or work-from-home staff in order to fully monitor HIPAA compliance. Furthermore, Qavalo invests in continuous staff education and research of new regulations to maintain our full compliance with ever-changing industry standards.


    Protected Health Information (PHI)

    Protected Health Information (PHI) is any type of information that reveals a patient/individual’s identity– generated, used and communicated for the purpose of delivering healthcare services. Collection, storage and disclosure of PHI, in any manner or form, (either physically or electronically) is closely regulated by law and shall strictly follow HIPAA compliance guidelines.

    We continuously align our internal process to cover critical security and privacy regulations pertaining to handling of PHI. All our staff are trained to follow in-house work protocols and precautionary measures in working with confidential patient documents. Access to printers and other data capturing devices is limited and strictly controlled.


    Business Associate Agreement (BAA)

    Business Associate is an individual or an entity that carries out certain functions for a covered entity which involves the use and communication of protected health information in any manner or form.

    Under HIPAA, business associates must sign a contract agreement (the BAA) with the covered entity to protect PHI in accordance with HIPAA security and privacy rule mandates. Business associate agreements must specify the BA’s responsibility, scope of work, specific PHI handling permissions, PHI security measures, and PHI violation reporting.

    Our team values how sensitive your patient information is – Qavalo signs service contracts and business associate agreements with all our prospective clients even prior to starting our free trial.



    The Health Information Technology for Economic and Clinical Health (HITECH) Act is a revision to HIPAA enacted in 2009 promoting and adapting to the emergence of new health information technology. Included in it are privacy and security provisions for the electronic transmission of health information.

    Under the HITECH act, business associates are now subject to audits by the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) and can be held accountable for data breach and penalized for noncompliance on HIPAA mandates and other specifications indicated in the required Business Associate Agreement.

    Qavalo strictly adheres to the most updated interpretations of HIPAA compliance guidelines– agencies can rest assured that our team of professionals are equipped with the right knowledge in handling sensitive patient information with utmost confidentiality.



    Payments for non-US providers (either individual or entity), physically performing 100% of operations outside of the United States are considered foreign source, and are not subject to US reporting or withholding; thus, no form 1099 nor withholding is required.

    An outsourcing provider just needs to accomplish and submit an IRS Substitute Form W-8 (Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding and Reporting) to the covered entity to certify their non-US status. Form W-8 need not be filed with the IRS– covered entities may keep it on file as a supporting document in case of audit.
    See: IRS Notice 2001-4

    Our team is ready to fill out an IRS Substitute Form W-8, alongside other necessary documents as part of our client compliance. We can also provide and answer an International Vendor Information Questionaire to further certify Qavalo’s non-US entity status, which we would be happy to format and provide on your agency’s behalf.

    Still not sure if this tax status applies to your agency? See this helpful diagram: Payments to Foreign Entities Diagram


    Experience Risk-Free Outsourcing at Qavalo

    Our team of trained professionals are ready to support your agency documentation, while delivering cost savings and process improvement solutions.

    Get to know how our services are currently helping agencies like yours. Send us an inquiry. Email or call us at 916-282-9868. We want to hear more about your needs and explore how our services can help.