
Auditor Tips: Monitor Your Business Associates’ Compliance

This article was taken from our HIPAA Guide. For more information on this topic, download our free HIPAA Guide.


“Sharing patient data with a business associate can lead to a large data breach.”

Every covered entity that uses business associates is required to obtain assurances that those business associates treat patient data the way the covered entity and HHS require. Whether you choose to personally audit each business associate or to require documented data security procedures, take the initiative to secure the future of your organization and the safety of patient data.

As your business associates progress toward compliance, track their progress to confirm they reach the level of compliance you have approved. Once the highest-risk business associates reach compliance, move on to the medium-risk business associates and start the same process with them. Don’t forget to reevaluate every business associate’s plan and its associated vulnerabilities each year.

Remember, sharing data with a business associate can lead to a large breach of your patient data. However, most people I speak with tell me, “I have BAAs in place, so I don’t need to worry. Even if they do end up getting breached, we have airtight agreements removing our liability.”

It’s not just about who’s the responsible party. When patient data is lost or stolen, your patients (and your organization) could experience serious repercussions. Losing community trust can be devastating for your organization.

Authored by: Brian Budge, Security Analyst CISSP | CISA | QSA | PA-QSA | CISM
