Covered Entities Liable for Their Business Associates under HIPAA Omnibus Rule

September 17, 2013

Determining whether a business associate (BA) is an agent can be tricky because it depends on the level of control that the covered entity (CE) has over the BA. CEs have been lax in monitoring and managing their BAs and consequently have little information about them. The safe harbor created by the BA agreement is no longer in effect, so CEs need to gather more information about what PHI their BAs access, how they store it, how they process it and, importantly, how they protect it.

To prepare for this change under the Omnibus Rule, healthcare law firms are recommending that covered entities and business associates review their own HIPAA compliance programs and those of their downstream business associates and subcontractors to ensure HIPAA and HITECH compliance. Compliance Helper has developed BA Tracker to help CEs manage their BAs cost-effectively and efficiently. BA Tracker sends an email on behalf of the CE asking the BA to take a 33-question survey. The BA's answers are weighed for risk, and the BA is assigned to a risk category of red, yellow, or green. Higher-risk BAs may be asked to remediate these risks. Compliance Helper offers remediation programs that are affordable for BAs of all sizes, and once BAs are compliant they can demonstrate that compliance through the Compliance Meter (tm). For more information go to www.complianchelper.com/batracker or contact jack@compliancehelper.com for a demo.

