Determine the Compliance Levels of BAs with Vendor Compliance Management by eGestalt



Today healthcare fraud is so widespread and increasingly sophisticated that the federal government is doing all it
can to put a stop to it. With the HIPAA and HITECH Acts already implemented, medical practitioners need to ensure
HITECH/HIPAA compliance at any cost if they do not want to be on the wrong side of the law. Apart from medical
practitioners, the HIPAA and HITECH Acts are applicable to Covered Entities as well as Business Associates (BAs).
Section 13401 of Subtitle D (Privacy) of the HITECH Act (42 USC 17931) states that "the additional
requirements of this title that relate to security and that are made applicable with respect to Covered Entities
shall also be applicable to such a Business Associate and shall be incorporated into the business associate
agreement between the business associate and the covered entity." However, before delving further, it is
important to know who all come under the categories of Covered Entities and Business Associates as per the

A Covered Entity is any of the following:

         A health care provider that conducts certain transactions in electronic form
         A health care clearinghouse
         A health plan

BAs include, but are not limited to:

         Pharmacy benefit managers
         Offsite backup facilities
         Transcription services
         CPA / attorney / law firms who have access to PHI
         Remote managed services
         Billing services
         IT service providers
         Third party administrators that assist health plans with claims processing
         Consultants that perform utilization reviews for a hospital

Statistics show that data breaches have affected nearly 11.6 million individuals, of which 6 million records
were handled by BAs. As per HHS, the average number of individuals affected per breach through a BA was 102,678.
Hence, medical practitioners need to ensure that their business associates and sub-contractors are indeed as
HIPAA/HITECH compliant as they are themselves. Otherwise, they would face a penalty as high as $50,000, and
if willful neglect is proven, the amount can go up to $1.5 million. In such a scenario, what medical
practitioners need is a vendor compliance management solution that shows the extent to which their BAs
comply with HIPAA/HITECH regulatory requirements. Through a quick, automated scan, it provides an understanding
of the BAs' security and compliance levels and of the risk exposure they create.

Thus, by helping to resolve any processes or systems that are out of compliance, this automated IT security and
compliance management solution transforms regulatory compliance from a reactive to a proactive environment.
