Majority of Business Associates Unfamiliar with HIPAA Omnibus Rules

September 10, 2013

We have started surveying business associates (BAs) for HIPAA compliance on behalf of covered entities. Thus far, two-thirds have failed, with major gaps in their HIPAA compliance. The survey was developed by our partner Rebecca Herold, CISSP, CIPP/US, CIPP/IT, CISM, CISA, FLMI (www.theprivacyprofessor.com), based on her experience doing over 200 risk assessments of BAs while setting up a privacy and security program for a health insurance company.

The 33-question survey targets the areas that are most vulnerable, and answers are weighted based on risk. Their overall scores place them in a red, yellow, or green category. We can then contact the higher-risk BAs, review their survey with them, and help them remediate the identified risks. If the BA chooses to use Compliance Helper to remediate the risk, they get an added bonus of being able to display their ongoing compliance to all of their business partners through our Compliance Meter™.

The BA Tracker program is a SaaS that gives the covered entity a portal to track all of their BAs, survey them for risks, and help them remediate these risks cost-effectively and efficiently. Most BAs can set up a comprehensive privacy and security program for under $1,000 and maintain their compliance for under $100 per month. There is also a program for very small organizations, called the CO-OP, which costs $125 to set up and only $35 per month for maintenance.

