Dentist Fined $12,000 for HIPAA Breach Caused by a Business Associate
It is not just electronic patient records that need to be protected, but paper records as well. And you have to worry not only about your staff but also about your business associates. Not only do you need a written business associate agreement defining the terms of their compliance activities, you also need to follow up and make sure they are living up to the agreement. The surest method is to ask them for a copy of their most recent HIPAA risk assessment: not a HIPAA checklist, but an actual HIPAA risk assessment done to the NIST standards.
By the way, what is the date of your most recent HIPAA risk assessment? Periodic risk assessments, followed up by a gap analysis of your risks and a plan to remediate those risks, are a HIPAA requirement, not only for you but also for your business associates.