05-07-13 | Blog Post
Everybody put your party hats on, it’s time to celebrate! May 5-11 is Corporate Compliance and Ethics week, which means it’s the perfect time for taking stock of your business and finding some great ways to make compliance a culture you and your staff can celebrate year-round.
Online Tech is doing our part to celebrate Compliance Week by spending some time with our friends down in the Indy-city for the Indiana HIMSS spring conference today. With the focus of today’s conference being innovation, compliance week couldn’t have come at a better time.
Health IT, with hot topics like BYOD and mobile health, is giving patients and physicians new ways to think about healthcare responsibility and management, which brings compliance struggles into the limelight. Couple that with the Health and Human Services (HHS) decision to hold Business Associates (BAs) responsible for their spoke in the HIPAA compliance wheel, and all eyes should be on the compliance guidelines.
With all the importance put on having each company and their BAs compliant, it’s hard to hear that 68% of healthcare directors and IT managers who responded to the Healthcare Information Security Today 2013 Outlook Survey aren’t confident in the security measures controlled by their BAs. Here are a few tips that could help lower that statistic:
Get The Audit Report
This is step one when you’re shopping around for a HIPAA compliant hosting provider. Any prospective provider should have been independently audited and will have a report to share with you. Do your due diligence and check that report. While it isn’t going to guarantee your total compliance, you need to know your patients’ data is being secured, even if you aren’t there to secure it.
Get a BAA Signed
This isn’t negotiable. Hosting providers for healthcare companies are considered Business Associates, and as such need to sign a Business Associate Agreement (BAA) with you, clearly stating what duties they’ll be performing, and what physical, administrative, and technical safeguards they have in place for your PHI. Word from the wise:
If you use a cloud service, it should be your business associate. If they refuse to sign a business associate agreement, don’t use the cloud service. – David S. Holtzman of the Health Information Privacy Division of OCR during a speech at the Health Care Compliance Association’s 16th Annual Compliance Institute.
That should be true of any hosting solution and provider you consider working with.
So celebrate getting compliant along with us and the Society of Corporate Compliance and Ethics. Read our HIPAA white paper. Check out our HIPAA hosting resources. Most importantly, let us know what you’re doing to keep compliant throughout the year!
Society of Corporate Compliance and Ethics
HHS: Modifications to the HIPAA Privacy, Security, Enforcement and Breach Notification Rules (PDF)