In a continuation of Mac’s blog series on the OCR HIPAA audit process, he takes a look at one aspect of an organization’s privacy and security program – management of business associates – which represents a considerable risk for many covered entities today.
Business associates provide many important services that support the business of the covered entity. These services include transcription, claim processing, laboratory tests, radiology, system administration, and data hosting, and they make it possible for small organizations in particular to offer full-service support to patients. Such services can require us to permit access to critical systems that hold patient information or, in some cases, to transfer patient data to a third party for processing and retention. When we engage with these business associates, we need to ensure that sound practices are in place for managing the risk involved.
Read the full article here: http://www.physbiztech.com/blog/reducing-risk-improving-vendor-management