With a number of covered entities not even knowing who their business associates are, it is no surprise that many of them are struggling to ensure that their business associates are HIPAA compliant. Revising existing business associate agreements and getting more business associates to sign agreements top the list of HIPAA Omnibus Rule compliance challenges, according to the recent 2014 Healthcare Information Security Today survey.
Security specialist Andrew Hicks, who analyzed the results of the survey, contended that covered entities need to scrutinize their BAs' security efforts in proportion to the risks involved. While numerous BA agreements are tossed about the healthcare industry, some covered entities go to great lengths to make their BAs bend over backwards just to prove they are compliant. Hicks also believes that compelling every business associate to undergo a costly assessment may not make sense for every type of business associate.
With business associates now bound by HIPAA compliance requirements, they may also be subject to audits by the Department of Health and Human Services in the near future. It is therefore essential for organizations to adopt a risk-based approach: assess the risk each business associate poses to the covered entity, and manage those BAs accordingly.
Business associates can avert security threats, prevent data breaches, and avoid the resulting legal action with a solution like Aegify SecureGRC and Aegify Vendor Management. Designed by eGestalt's team of qualified experts with extensive experience in the field, Aegify has built-in security best practices, security scans, implementation briefs, citation guidance, policies, and risk parameters, and provides an internal audit of the organization's state of security and compliance.