
Question #2 - HIPAA Audits

The 2nd most important question to ask a Business Associate is:

Who performed your independent HIPAA audit and do you provide copies of the audit report?

This single question quickly reveals Business Associates who take HIPAA compliance seriously. 

Business Associates who have invested in an independent HIPAA audit benefit from:

  • objective feedback from a HIPAA expert,
  • guided improvement of security processes and procedures,
  • training for all of their employees about HIPAA security,
  • better preparation in the event of a PHI breach.

When you see what HHS requests after a PHI breach, you’ll see there’s no way that the requested documentation can be prepared in 10 days. 10 weeks or 10 months would be more appropriate. (A link to the list HHS requires is listed below.)

Some will argue that the cost of getting an independent HIPAA audit is prohibitive, but compared to the costs of a PHI breach, it’s truly trivial. Consider this: current class action lawsuits seek $1000/patient record breached. When a laptop was stolen from the Massachusetts eHealth Collaborative, 13,687 patient records were taken. There are 2 pending class action lawsuits.

2 lawsuits * 13,687 patient records * $1000/patient record = $27,374,000

Still think investing in an independent HIPAA audit is too expensive or overwhelming? Make sure you outsource health care IT services to Business Associates who are independently HIPAA audited and will share a copy of the audit report with you.

Next week we discuss policies and technologies used to protect health care applications and PHI data.

References:

Why Business Associates Should Invest in a HIPAA Audit
NY Times Article: Digital Data on Patients Raises Risk of Breaches

Related resources:

HIPAA, HITECH, BAAs and the Law: Concerns & Best Practices
Cost Effective Protection Against HIPAA Enforcement
OCR Audit Requirements Following a Self-Reported HIPAA Breach
Who Needs to be HIPAA Compliant?
HIPAA Resources: Policies, Procedures & Training Materials
What's in a Business Associate Agreement?
HIPAA Compliant IT Security and Best Practices
