All you covered entities out there! You know who you are!
Did you know that since HITECH went into effect, the number of security incidents and breaches caused by Business Associates has increased?
Did you know that even before HITECH went into effect, Business Associates were already a root cause of security incidents and breaches?
Protect yourself and your organization against vendors who may still not be aware that they have the same requirements that you do. HITECH did not create new obligations for vendors; it made explicit that Business Associates are directly accountable for complying with the same requirements that apply to you.
What do you know about the organizations you may choose to handle all or some of the services you provide? What do you do to oversee and verify that the appropriate controls are in place to protect your callers and your organization?
A few things to think about doing, if you aren’t already:
- The no-brainer, of course, is having a fully executed Business Associate Agreement (BAA) that clearly defines roles, responsibilities, incident and breach reporting requirements, and the timeframes for each
- Conduct a pre-delegation audit before the vendor begins handling your data and, at minimum, annual audits thereafter
- Review vendors' policies and procedures as they relate to security, privacy, and compliance. Are they based on recognized standards such as NIST and PCI DSS?
- What do vendors do to monitor their controls and security risks? What staff education programs are conducted, and how frequently? At new hire and annually?
- Randomly interview staff who handle or will handle services for you. Does the front-line staff understand the organization's policies and procedures?
- Tour the facility. What do you see? Do you see adherence to policies and procedures, or gaps? A valued partner should welcome and invite you to see their operation
- Do you meet with your vendors at regular intervals?
With the increasing liability that you face, it is important to partner with a vendor who takes compliance as seriously as you do. With Ameridial you can be assured that all controls that protect your callers, your clients, and your organization are in place and fully vetted. Ameridial is independently audited to maintain its SSAE 16 SOC 2 attestation and its PCI DSS certificate. Its controls are based on the NIST and PCI DSS standards.
The added value with Ameridial is its compliance office and its threat awareness, which protect against known and emerging risks. The individuals within the compliance office have extensive experience in both banking and healthcare privacy, security, and compliance.
BAA I tell you! You know who you are! We know who you are and we are watching out for you.