By Jack Anderson
December 8, 2015
The spotlight is getting ready to shift to business associates in the HIPAA enforcement world, which, is long overdue. I would agree with Mac McMillan’s assessment in this interview at http://www.healthcareinfosecurity.com/interviews/business-associates-hipaa-enforcement-priority, that many business associates are not HIPAA compliant. This is based on discussions I have with them every day. The blame for this can be shared by HHS, OCR, and the covered entities themselves.
Just yesterday I had a conversation with a new client where he mentioned that their biggest and oldest client , a large hospital group, had never asked them to sign a business associate agreement. The client has access to large amounts of PHS and has taken steps to become compliant without any pressure from their covered entities.
Over the years we have had many phone calls from panicked business associates stating that a potential new client wouldn’t sign a contract until they could provide proof of HIPAA compliance. Since there is no certification process approved by HHS we developed complance metrics and the Compliance Meter(r) to give them a method of proving their compliance. In addition we developed technology that would allow the covered entity to actual view their compliance activities remotely.
We have now added to that by providing our clients with a service that allows them to document their compliance with quarterly risk assessments adminstered using the NIST protocol. This allows them to demonstrate their progress in maintaining and updating policies, implementing them and training their staff.
With new rules allowing us to eliminate regulations that are not “reasonable and appropriate” to the organization, we can help a client achieve initial HIPAA compliance in as little as 72 hours.
If you would like more information go to www.compliancehelper.com or email me at Jack@compliancehelper.com