Welcome Angie Santiago, CBCP Senior Security Consultant
There is no government approved accreditation process or certifying authority for determining if a business associate is complying with HIPAA. No product or service is “HIPAA Compliant.” The HIPAA Omnibus Rule required that covered entities and their business associates meet requirements contained in the HIPAA Security Rule and the applicable provisions of the Privacy Rules, Breach Notification, and the HITECH Act no later than September 23, 2013. In addition, subcontractors to business associates that handle PHI are also required to meet these requirements.
Many covered entities and business associates are requiring proof that that all 24 HIPAA Security Rule standards and the 48 required implementation specifications are met either through an attestation letter or completion of an assessment questionnaire.
We provide our customers with the right tool. Our assessment of the business associates' response provides our customers with a report of exposure to any risks discovered and a standardized means to track BA results.