Business Associate Auditing

Business Associate auditing & management is a vital component of a healthcare organization effectively managing risk as part of the overall HIPAA compliance management efforts.

All healthcare service organizations have Business Associate (BA) providers, many with access to their PHI. Often it is overlooked in the compliance management program.

What we do
Ion IT Group has developed an audit program for your business associates that will provide you with the confidence that they have your best interests in mind.  A multi point inspection audit that they have the polices & procedures in place and have tested their systems and networks for intrusions.

The Covered Entity (CE) is liable for the BA PHI breach if they knowingly fail to act when the BA is violating HIPAA OR the BA operates as your agent (VS an independent contractor) 

It is vitally important that the CE maintain the appropriate security posture and HIPAA compliance program, and Business Associate’s (BA)with access to PHI must as well.

Are you positive that your BA has not disclosed your PHI?

Every business hates spending money needlessly. But is the security of your PHI important enough for your BA’s, that they maintain their compliance program?  

It can be difficult to create a scalable, comprehensive vendor security program. BA’s present a very real exposure risk to PHI breach.  Healthcare organizations that are serious about protecting their PHI will establish an audit program that extends out of their own facility to include their third party BA’s.

The Omnibus Rule of HIPAA clarified that anyone hired to do work for or on behalf of a covered entity (CE) is a business associate (BA) if they create, receive, transmit or maintain PHI for a provider. It made BA’s liable for compliance with the HIPAA Security Rule and certain provisions of the Privacy Rule. As a result, healthcare service providers need an effective BA/vendor management program in place.

BA auditing and management is a critical component of managing your risk as part your overall compliance management program.