If you are a Covered Entity, you have a vested interest in ensuring your Business Associates are HIPAA compliant. The Office for Civil Rights (OCR) has recently increased its scrutiny of Business Associates, as evidenced by several highly publicized HHS Resolution Agreements levied against this sector. When a Business Associate is found in violation of HIPAA law, the reputation and public trust of the related Covered Entity are negatively impacted. Furthermore, federal law requires Covered Entities to take reasonable steps to ensure their Business Associates maintain HIPAA compliance. With stakes this high, Covered Entities would do well to ensure they have employed a solid Business Associate Management Program.
Is your healthcare organization equipped to respond to a suspected or confirmed data breach? According to Ponemon’s Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, data breaches in healthcare remain consistently high for the 6th consecutive year in terms of volume, frequency, impact, and cost. In fact, nearly 90 percent of healthcare organizations represented in this study had a data breach in the past two years, and nearly half, or 45 percent, had more than five data breaches in the same time period.
Does your organization perform routine HIPAA Security Risk Analyses? If so, are those analyses “good enough”? With the 2016 Office for Civil Rights (OCR) audits currently underway, and more audits looming for 2017, healthcare organizations would be wise to shore up their security regimens to ensure compliance with the HIPAA Security Rule.