What does HIPAA Compliance mean for Business Associates?

According to the Omnibus Rule, Business Associates are being held directly responsible for their compliance with any relevant HIPAA laws. This also means that Business Associate compliance will be a focus of the recently launched Phase 2 HIPAA Audit Program. For Business Associates, these audits will focus on:

  • Risk Analysis and Risk Management
  • Breach Reporting to the Covered Entity

So, what should Business Associates do to prepare for a HIPAA Compliance Assessment?

  • Risk Analysis and Risk Management
    • Conduct a Security Rule Risk Assessment
    • Develop a Risk Management Plan
    • Review Policies and Procedures related to PHI vulnerability, accessibility, and integrity
    • Identify all systems that include PHI
    • Evaluate security measures to reduce risk
  • Breach Reporting (impermissible acquisition, use, access, or disclosure of PHI)
    • Evaluate Policies and Procedures

How is KirkpatrickPrice helping Business Associates?

KirkpatrickPrice is helping Business Associates with experienced Risk Assessment and Risk Analysis practices. We can also help with policy and procedure development and review. Our expert information security personnel and our web-based portal experience make us uniquely qualified to help Business Associates achieve HIPAA compliance.