5 Tips to Reduce Third-Party HIPAA Risk

Healthcare industry leaders identified third-party risk as an increasingly pressing issue for both covered entities and their business associates during Clearwater Compliances' most recent monthly HIPAA-HITECH Blue Ribbon Panel.

During the panel discussion, Health IT Officer for Mountain View, Calif.-based Symantec Corporation, David Finn said HIPPA and the HITECH Act have created "a chain of trust that doesn't end." If hospitals do not take reasonable measures to ensure their business associates are HIPAA compliant, they risk being swept up in enforcement actions that potentially result in significant financial and reputational damage, according to the panel.

"The rules have made it easier for organizations to have penalties levied against them because of the actions of a subcontractor," said Elizabeth Warren, a healthcare attorney with Nashville, Tenn.-based Bass Berry & Sims, in the panel discussion. Although it is important for healthcare organizations to make sure their subcontractors are compliant with the rules, if an organization gets too involved, it risks assuming more responsibility than it needs to shoulder.

In order to deal with third-party risk, the panel provided the following best practices for dealings with subcontractors and business associates:

  • Create an inventory of all your business associate relationships.
  • Rank order of business associates on key variable such as the sensitivity of the patient data they have access to, the nature and frequency of that access and their track record with data privacy and security.
  • Be sure to update all business associates and subcontractors on the latest regulatory requirements.
  • Conduct a summit to help business associates and subcontractors better understand their responsibilities and how to enhance their HIPAA compliance efforts.
  • Implement an ongoing business associate monitoring and management program.

 

More Articles on the HITECH Act:

5 Steps for Safeguarding PHI in the New Healthcare Environment
5 Things to Know About the HITECH Act on Its 5th Birthday
Top 5 Causes of Major Data Breaches in Past 6 Months

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.

 

Featured Whitepapers

Featured Webinars