Compliance Helper Blog

The Blind Side of HITECH compliance; Business Associates

A recent survey by HC Pro had over 600 respondents, mostly HIPAA privacy officers and HIM directors, and included the following quote: "BA requirements under HITECH have changed drastically. Most survey respondents said they feel their BAs are ready, but the scary part is 45% said they are not confident in their BAs’ readiness."  Based on my observations and conversations with BAs, I think the 55% are overconfident.

The key question is whether the BAs have done a true risk analysis, such as one following NIST 800-30, and shared the results with their CE.  A risk assessment is a requirement for those wanting stimulus funds.  CEs may also require a risk assessment of their BAs if the cost is reasonable.  (NIST 800-66)

Don't get blindsided by a breach of your PHI by one of your BAs.  Do your own risk assessment and require your BAs to do one as well; when you find problems, such as missing or inappropriate policies and procedures, make sure they are fixed.  The cost of these services is now reasonable through the use of automation and cloud computing.  Take a look at www.acr2solutions.com and www.compliancehelper.com
