Business Associate Risk Assessment
Business Associates now have a contractual liability to Covered Entities for HIPAA compliance. These recent regulation changes have effectively created an e-PHI supply chain. Every member of this chain needs visibility into the risk associated with the Business Associate relationships employed downstream.

The definition of a Business Associate also includes HIEs, RHIOs and BA subcontractors with access to e-PHI. The issue of “dual liability” between these relationships represents a significant financial risk to Covered Entities.

Tracking risks around Business Associates manually is a labor-intensive and error-prone process. The need for ongoing validation and the number of Business Associates that must be validated compound the problem.

How We Help

CompliancePoint provides third-party compliance monitoring of Business Associates by performing an initial gap assessment, maintaining ongoing (daily, monthly, quarterly and annual) compliance tasks and preparing audit documentation for planned and unplanned audits.

We also leverage advanced technology solutions to automate the process:

  • Compliance Automation Portal - provides an easy-to-use security control system for managing all internal and Business Associate compliance initiatives. The portal allows you to:

    • Access assessment documents and manage policy and procedures
    • Map technical controls across multiple compliance requirements
    • Import vulnerability and event data from logging and scanning technologies
    • Provide ongoing feedback of compliance levels
    • Generate planned and unplanned audit documentation
  • PIIFinder - scans file shares and databases for a variety of personally identifiable information. This process is an essential component of HIPAA, Privacy, PCI, and other regulatory compliance.

  • HIPAA Security Awareness Training - provides an introduction to information security concepts such as information assets, information asset classification, information security policy, HIPAA security framework, cyber-crime, and the layered approach to security.






For more information on our HIPAA/HITECH Assessments, email hipaa@compliancepoint.com or call (800) 585-4888.