In a recent Healthcare Risk Management article, Thompson Coburn partner Milada Goturi outlined best practices for health care organizations to manage third-party vendors and ensure HIPAA compliance.
Third-party vendors pose a significant risk to a health care organization’s HIPAA compliance program, but those risks can be mitigated by diligently following best practices. Properly executing a business associate agreement (BAA) is crucial to managing third-party vendor relationships, Milada explained. Make sure the arrangement is structured appropriately, making clear that the covered entity is not controlling day-to-day operations of the vendor, she said.
“If you have that structured correctly, then, by law, the covered entities aren’t really responsible for violations of business associates who are independent contractors,” Milada said. “If the covered entity is aware of a violation by their business associate, then they need to investigate. They need to take steps to make sure that noncompliance is cured, and if you know it’s not curable, then the agreement would need to be terminated.”