There is no government-approved accreditation process or certifying authority for determining if a business associate is complying with HIPAA. No product or service is “HIPAA Compliant.” The HIPAA Omnibus Rule required that covered entities and their business associates meet requirements contained in the HIPAA Security Rule and the applicable provisions of the Privacy Rules, Breach Notification, and the HITECH Act no later than September 23, 2013. In addition, subcontractors to business associates that handle PHI are also required to meet these requirements.
Many covered entities and business associates are requiring proof, through either an attestation letter or completion of an assessment questionnaire, that all 24 HIPAA Security Rule standards and the 48 required implementation specifications are met.
The tw-Security Solution
tw-Security offers our business associate customers support in developing, evaluating, and managing a HIPAA Compliance program. Our BA customers range from start-up tech companies to publicly traded international organizations.
For covered entities, we have developed tools to assess current business associates' HIPAA and HITECH compliance, as well as to vet (perform due diligence on) potential business associates and/or their solution (application/system or service).
Our services may benefit your organization by:
- Reducing risks and possible breaches caused by business associates that lack proper security safeguards and controls
- Improving your legal defensibility and insurability
- Providing a framework demonstrating efforts for obtaining reasonable assurances
We provide our customers with the right tool. Our assessment of the business associates' response provides our customers with a report of exposure to any risks discovered and a standardized means to track BA results.