8 Questions about Vendors Auditors Ask

By Steve Spearman, VP of HIPAA Compliance Services at Healthicity

Twitter: @HIPAASolutions
LinkedIn: Our HIPAA Chat Group
Host of HIPAA Chat. Join us on the next broadcast.

Once upon a time, all a healthcare organization needed to do to ensure that its vendors and subcontractors would keep data secure was to require it in their contractual agreement. However, Health Data Management has recently uploaded an interesting article that discusses OCR’s recent efforts to strengthen what it believes could be the weakest link in HIPAA compliance and PHI security: vendors and subcontractors.

Stipulating HIPAA compliance in your contract is no longer enough. These days, courts want you to actively make sure that your vendors are handling your information in a HIPAA-compliant way.

In light of this new stance from OCR, along with the coming HIPAA audits, here are the eight questions about vendors that you should expect to hear from auditors.

  1. Do you know the names of your business associates and their subcontractors?
  2. Do you address the risks of subcontractors?
  3. Do your policies define permissible uses and disclosures of protected health information?
  4. Do your agreements require business associates to provide evidence of appropriate safeguards? How do you determine what is appropriate?
  5. Do you have a defined incident response procedure?
  6. Do you require the BA to provide auditors with all necessary documentation in case of an audit?
  7. Does your business associate agreement have teeth, with termination an option in case of violations?
  8. Do you make it clear that the vendor is responsible for telling you if there is a breach?

While these questions do not encompass everything you need to know about your vendors, they are a good starting point for making sure that you are managing your relationships with vendors and subcontractors in a HIPAA-compliant way.

Below is a link to the original article from Health Data Management.

Source: Facing a HIPAA Audit? Here is What Auditors Want | HDM Top Stories

This article was originally published on Health Security Solutions and is republished here with permission. Steve Spearman hosts HIPAA Chat, a show produced by HITECH Answers airing on our Internet radio station, HealthcareNOWradio.com.