HIPAA Risk Analysis and Ongoing Risk Management Essential

May 29, 2013

No less an authority than the head of HHS OCR reaffirmed that a risk analysis followed by an ongoing risk management program is essential for HIPAA compliance. Speaking at the OCR/NIST 6th Annual Conference on Safeguarding Health Information: Building Assurance through HIPAA Security, he made it abundantly clear that “(1) an ongoing failure to comply with the HIPAA Privacy and Security Rules, and (2) an unforgivable disclosure” would result in monetary fines.

Having HIPAA compliance metrics in place with visual displays of your ongoing compliance is the only way to be assured that you are compliant at all times. Compliance is easy to let slip, and trying to catch up is hard. The risk analysis is a valuable snapshot, but it needs to be supplemented with dashboard displays like our Compliance Meter (tm), which show at a glance your current level of compliance. You should also ask this of your business associates, as you are responsible if they breach. True, they are now responsible also, but that doesn’t mean that the covered entities or business associates in the chain won’t bear blame as well.

BA Tracker allows either a covered entity or a business associate to see at a glance the compliance level of all of their business associates. HIPAA requires covered entities to get “satisfactory assurances” that their business associates are compliant. BA Tracker is a cost-effective, efficient method of getting “satisfactory assurances,” and our Prepare/Care programs help the BAs get compliant, stay compliant, and prove compliance with our Compliance Meter (tm).

Here is a link to the complete article: http://www.dataprivacymonitor.com/hipaahitech/hhs-ocr-director-leon-rodriguezs-dialogue-on-hipaahitech-compliance/#page=1

