Many healthcare organizations outsource some aspect of their operations — billing, IT services, or records management — which means protected health information (PHI) will be handled by a third party at some point.

A key to successful HIPAA compliance is to manage your third-party business associates. Or, if you are a business associate, you must manage any subcontractor business associates you use.

Business associates are vendors (to a covered entity) that “create, receive, maintain or transmit” protected health information (PHI), while performing a service involving the PHI. They are separately and independently liable for compliance with HIPAA.

To comply, you must conduct due diligence. Three simple steps are required:

  • identify your business associates (or subcontractor business associates)
  • ask each business associate whether it complies with HIPAA and whether it has completed a Risk Analysis (and keep a record of the answer)
  • enter into a HIPAA-compliant business associate agreement with each business associate