Five Questions to Ask Your Business Associate: Question #2 HIPAA Audits

Posted 1.27.12 by wpadmin in Blog

Following up on last week’s question #1, the second most important question to ask a Business Associate is:

Who performed your independent HIPAA audit and do you provide copies of the audit report?

This single question quickly reveals Business Associates who take HIPAA compliance seriously.

Business Associates who have invested in an independent HIPAA audit benefit from:

  • objective feedback from a HIPAA expert,
  • guided improvement of their security processes and procedures,
  • HIPAA security training for all of their employees,
  • better preparation in the event of a PHI breach.

Look at the documentation HHS requests after a PHI breach and you will see that there is no way it can be assembled from scratch in 10 days; 10 weeks or 10 months would be closer to the truth. A Business Associate that has already been through an independent audit has the policies, procedures and evidence on hand before the breach happens, not after.

Some will argue that the cost of an independent HIPAA audit is prohibitive, but compared to the cost of a PHI breach it is trivial. Consider this: current class action lawsuits seek $1000 per breached patient record. When a laptop was stolen from the Massachusetts eHealth Collaborative, 13,687 patient records were taken, and two class action lawsuits are now pending. The combined exposure those suits claim is:

2 lawsuits * 13,687 patient records * $1000/patient record = $27,374,000

Still think investing in an independent HIPAA audit is too expensive or overwhelming? Make sure you outsource health care IT services to Business Associates who are independently HIPAA audited and will share a copy of the audit report with you.

Next week we discuss policies and technologies used to protect health care applications and PHI data.

References:

Why Business Associates Should Invest in a HIPAA Audit
NY Times Article: Digital Data on Patients Raises Risk of Breaches
