HIPAA Blog Posts: HIPAA Business Associates
If you were lucky enough not to receive one, here is the questionnaire that is going out to all potential audit winners. http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/questionnaire/index.html
Just getting your business associates to sign a BA agreement is not enough. You need "satisfactory assurances," such as documented HIPAA security awareness training, to protect you.
OCR Director, Jocelyn Samuels, reinforced the need for an enterprise-wide assessment when she stated, “[a]ll too often we see covered entities with a limited risk analysis that focuses on a specific system such as the electronic medical record or that fails to provide appropriate oversight and accountability for all parts of the enterprise.”
If a covered entity is audited, its business associates will be included in the audit, and if a business associate fails, so does the covered entity.
To guard against data breaches, healthcare organizations must demand more proof of how their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.
Getting a HIPAA risk assessment is a requirement, but what is the definition of a HIPAA risk assessment, and what should you buy?
If you store either PHI (Protected Health Information) or EPHI (Electronic Protected Health Information), you are a business associate and must be HIPAA compliant.
A healthcare insurer received a $3.5 million fine and CAP (Compliance Action Plan) for multiple breaches caused by no policies, no risk assessment, and no business associate agreement with a major vendor.
Industry experts are calling for more enforcement of HIPAA regulations on business associates, according to this article in healthcareinfosecurity.com.
Business associates can go from zero to HIPAA compliance in 72 hours with the new Jumpstart program from Compliance Helper and ACR2 Solutions. This includes an initial risk assessment, policies, training, and an updated risk assessment: everything you need to prove that you are HIPAA compliant.