Business associates play an integral role within every health care organization. Their valuable assistance can range from straightforward janitorial services to very complex and integrated services, such as supporting electronic medical record systems.
But how do you know whether your business associates are taking the proper precautions to safeguard “your” patients’ protected health information (PHI), especially when those services involve access to PHI? A signed agreement is no assurance!
The HIPAA Omnibus Rule issued last year now requires business associates to comply with HIPAA and requires covered entities to obtain “satisfactory assurances” that their business associates have appropriate safeguards in place to protect against a breach of PHI.
Certainly, HIPAA has always included language requiring covered entities to ensure business associates safeguard PHI. However, the original language in HIPAA was a bit vague and somewhat weak. Well, that is no longer the case.