Business Associates Need Proof of HIPAA HITECH Compliance

As we have been saying for a couple of years, covered entities are going to start asking for proof of HIPAA compliance before they will do business with business associates and this will extend to the subcontractors of these business associates. What will drive this is the healthcare law firms advising their clients, the covered entities to amend their BA agreements to provide for the “right to audit” or some other means of checking on their on-going compliance.

http://healthitsecurity.com/2013/01/29/will-hipaa-omnibus-subcontractor-rules-reduce-data-breaches/

“I’m seeing a lot of healthcare providers, for example, asking to see policies and procedures before entering into an agreement. And we’re seeing them asking for the Right to Review books and records. And other things such as SAS No. 70 results to ensure they’re a trusted vendor. They have to do that because they’re on the hook if the BA drops the ball, even though the BA is directly liable”.Dianne Bourque, partner at Mintz Levin and HIPAA expert.

The solution for the covered entity is a cost effective and efficient method of monitoring the on-going compliance of their BAs and Subs and for the BAs and Subs a cost effective and efficient method of getting compliant, staying compliant, and proving compliance. Compliance Helper provides the solution for both sides of the equation.

For the CE we offer BA Tracker. The list of BAs from the CE is loaded into BA Tracker and then surveys are sent to each BA. These surveys not only ask about BA agreements but also about types of PHI accessed, methods of accessing and storing PHI, and compliance efforts. The surveys are scored and the BAs are assigned a risk category. Those in the higher risk categories are offered risk remediation services from Compliance Helper which start at as little as $125 for very small BA or Subs. Once enrolled in these services the CE has complete transparancy of their on-going compliance efforts.