Welcome Angie Santiago, CBCP Senior Security Consultant
Our flexible solution can provide assistance in establishing a BA HIPAA compliance validation process, or using proprietary tools we can 'vet' individual business associates on behalf of our customer. Working collaboratively with our customers we accomplish this through a methodical approach.
"HIPAA's obligation on covered entities to obtain business associate agreements is more than a mere check-the-box paperwork exercise," said OCR Director Jocelyn Samuels in a statement. "It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected."
- HealthData Management, Mishandling X-rays leads to a large HIPAA fine, April 22, 2016
We request the vendor to choose a response from the questionnaire's drop down options or enter information where prompted. We analyze the vendor's response to questions, review requested documentation, and conduct a telephone interview (follow-up) to determine if the business associate understood the instructions and/or struggled with answering any of the questions.
An individual standardized assessment report inclusive of a dashboard (green, yellow, red) with an overall assessment score and individual score in several categories or domains is created. The report provides the organization with compliance documentation to support risk management initiatives and a measured means to assure the organization's ePHI is protected using the HIPAA Security Rule as guidance.
Please contact us to view a sample business associate or pre-purchase data security assessment report.