Beyond the Agreement: The Critical Importance of Managing Business Associate Risk

Health Care

August 05, 2014
by Rick Ensenbach, CISSP, CISA, CISM, ISSMP, CCSFP

Business associates play an integral role within every health care organization. Their valuable assistance can range from straightforward janitorial services to very complex and integrated services, such as supporting electronic medical record systems.
But how do you know whether your business associates are taking the proper precautions to safeguard “your” patients’ protected health information (PHI), especially when those services involve access to PHI? A signed agreement is no assurance!
The HIPAA Omnibus Rule issued last year now requires business associates to comply with HIPAA and requires covered entities to obtain “satisfactory assurances” that their business associates have appropriate safeguards in place to protect against a breach of PHI.
Certainly, HIPAA has always included language requiring covered entities to ensure business associates safeguard PHI. However, the original language in HIPAA was a bit vague and somewhat weak. Well, that is no longer the case.
Download the article below to read more.

Length: 2 pages (PDF 124 kB)
