Ensure Business Associates Conform to HIPAA/HITECH Regulatory Requirements
As more doctors and hospitals computerize their medical records, they are experiencing challenges in
protecting patient information. Despite stringent data security laws, the continuing occurrence of data
breaches is disturbing privacy advocates and public health officials.
With organizations turning to outsourcing to reduce operating costs and increase their focus on core
competencies, third party risk management and vendor compliance are growing in importance. According to a
study conducted by the Ponemon Institute, 42% of breaches are caused by business associates, and they represent a
substantial risk to covered entities.
Although outsourcing has its benefits, there are significant risks associated with it, and to compound the problem,
there is a considerable need to comply with regulations including HIPAA, HITECH and others. Because of the
relationships they form with business associates under an outsourcing business model, it is imperative that health care
organizations establish appropriate measures of protection.
Today, under HIPAA/HITECH guidelines, healthcare providers need to set up certain administrative, physical and
technical safeguards to protect electronic patient data. Regulators want to see organizations proactively identifying
potential risks, verifying that business partners, providers, and their employees are compliant, monitoring for
changes, and managing the investigation and remediation of incidents.
HIPAA and the new HITECH requirements are designed to promote the confidentiality and portability of patient
records and to ensure the consistency of healthcare data. They increase the potential legal liability for non-compliance
and provide for more enforcement. Certain HIPAA provisions also apply directly to business associates and third
party vendors, who are required to comply with the safeguards contained in the HIPAA Security Rule (SR).
While organizations must adhere to the Security Rule's standards and specifications for backing up and
safekeeping electronic data, covered entities also need to institute a contingency plan so that they are prepared for an
emergency such as a major data loss.
But how does a covered entity manage hundreds or even thousands of third party vendors? Covered entities have
too many vendors and limited resources; hence, to cost-effectively address the increasing risks emanating from
third-party business partners, the use of automated vendor compliance management systems is practical.
One needs to look for solutions that cover all the security and IT-GRC functions needed to successfully
manage HIPAA and HITECH security. The solution must have an easy-to-adopt or ready-to-use compliance management
framework that ensures compliance at all times. It makes good business sense to ensure that the solution facilitates
centralized document management and remediation management.
Vendor partnership is critical in today's business model. As an extended wing of the organization, vendors need to be
equally compliant. Investing in an end-to-end automated vendor solution makes enormous business sense.