You may be doing everything possible within your organization to comply with all the regulations that apply.
In fact, you may know HIPAA, FACTA, HITECH, and GLB like the back of your hand. But regardless of your competence, almost all organizations rely on outside help to achieve their business objectives.
Are you sure that your business associates are in compliance?
Those who assist your organization with billing, benefits, collections, claims, data processing, insurance, legal services, transcription, and temporary office staff also need to measure up to strict standards, proving compliance and protecting data.
The HITECH Act’s data breach notification requirements apply to both covered entities AND business associates, requiring patient notification of any unauthorized acquisition, access, use, or disclosure of their unsecured protected health information. If your business associates are not in compliance, their practices and/or protocols may leave you wide open for lawsuits and enormous fines.
This means that you need to be even more selective when choosing a business associate.
New relationships and contracts should begin with a complete discovery process that includes written documentation of compliance addressing the regulations that apply within your industry.
Once the relationship is formed, consistent management and regular communication with these vendors are essential. Management should institute quarterly vendor reviews to verify that standards are upheld and that processes exist to keep compliance a priority. Being proactive, asking questions, and documenting activity may save your organization from the errors of others.
Thanks for reading!