By Jack Anderson
February 13, 2013
This excellent article in Privacy and Security Matters, by Cynthia LaRose a healthcare attorney at Mintz Levin describes a recent settlement with the Massachusetts Attorney General. Here is what they were cited for failing to do:
-
inquire about the vendor’s methods for ensuring adequate safeguards for protecting PI and PHI;
-
inquire about the vendor’s methods for disposing of PI and PHI;
-
inspect the vendor’s facilities;
-
request a copy of the vendor’s policies and procedures or contracts that detail the vendor’s method for disposing of PI and PHI;
-
verify that employees of the vendor who come into contact with PI or PHI are adequately trained regarding the appropriate methods for handling or disposing of such information.
These are questions that are included in the survey of business associates (BA) done by BA Tracker as part of the process of helping covered entities manage their BAs. Take a look at www.compliancehelper.com/batracker and request a hands on demo.
Here is a link to the full article: http://www.privacyandsecuritymatters.com/2013/02/business-associates-beware/