While many healthcare vendors state that they are HIPAA compliant, a recent settlement suggests they should use caution in these claims.
We can help your practice stay on top of the latest healthcare news, rules, regulations and trends. Subscribe to stay current and up to date on important matters that will impact your practice. (To subscribe to our blog click here).
In a recent settlement with the Federal Trade Commission (FTC), it was alleged that a healthcare vendor had a ‘HIPAA compliance’ seal on every page of the website, however, the vendor had never been evaluated for HIPAA compliance and failed to actually comply with HIPAA.
The vendor did not have all the required security policies, did not provide adequate training, did not assess risks of information stored, and did not have required protections in place.
So how do you know if your vendor is actually HIPAA compliant and not just claiming to be?
By law, the HIPAA privacy rule only applies to covered entities, such as health plans, health care clearinghouses and providers. The onus is on healthcare practices to ask the right questions and request necessary documents from their business associate vendors.
Start by ensuring that your business associate agreement is up to date and in place with every business associate of your practice.
Rickard & Associates helps their healthcare clients prepare and negotiate business associate agreements.
Communication with your vendors is key. Make sure that they understand the provisions and their obligations under your business associate agreement.
Find out what protections they have in place and what they require of their subcontractors.
Don’t simply rely on a business associate telling you that they are ‘HIPAA Compliant’, as it is unlikely that they have been evaluated by the federal government for HIPAA compliance.
In our next blog post, we will keep you informed of related issues. To get this important information delivered directly to your mail box, click here to Subscribe.
Do you need help staying current and compliant with the latest laws, rules and regulations? We can help. To contact us about new government rules and regulations, your practice’s risk assessment, or about your other legal needs: CLICK HERE.