You may be doing everything possible within your organization to be compliant with all the regulations that apply.
In fact, you may know HIPAA, FACTA, HITECH and GLB like the back of your hand. But regardless of your competence, almost all organizations rely on outside help to achieve their business objectives.
Are you sure that your business associates are in compliance?
Those who assist your organization with billing, benefits, collections, claims, data processing, insurance, legal services, transcription and temporary office staff also need to measure up to strict standards, proving compliance and protecting data.
Data breach notification requirements within the HITECH Act apply to both covered entities AND business associates – requiring patient notification of any unauthorized acquisition, access, use or disclosure of their unsecured protected health information. If your business associates do not measure up, their practices and/or protocols may leave you wide open for lawsuits and tremendous fines.
What this means for you is that you need to be even more selective when choosing a business associate.
New relationships and contracts should begin with a complete discovery process that includes written documentation of compliance addressing the regulations that apply within your industry.
Once the relationship is formed, consistent management of and regular communication with these vendors are essential. Quarterly vendor reviews should be put in place to ensure that standards are upheld and that processes exist to keep compliance a priority. Being proactive, asking questions, and documenting activity may save your organization from the errors of others.
Thanks for reading!