On March 16, 2016 the Department of Health and Human Services Office for Civil Rights made a statement that says the provider organization lacked a HIPAA-required business associate agreement with the vendor, which had access to protected health information. In addition, the provider had not conducted the HIPAA required enterprise wide risk analysis.
Attorney David Holtzman, vice president of compliance at the security consulting firm CynergisTek, says it’s crucial that healthcare organizations develop a vendor management program “that can scrutinize each time that a vendor or contractor is being sought to evaluate if the service provider will be receiving, maintaining or creating protected health information so that the business associate agreement required by the HIPAA standards will be in place.”
Click Here for the full story from Healthcare Info Security
At HealthGuard we have several solutions to help with not only Risk Analysis but also to give much needed visibility to Business Associates. Contact us today!