When a Partner Has a HIPAA Breach
Covered Entities face the daunting task of ensuring their in-house data is secured according to the HIPAA Omnibus regulations. That by itself is difficult enough to tackle, and it generally requires a dedicated employee or staff to stay compliant and avoid breaches and, ultimately, fines. However, many smaller practices today rely on third-party vendors and EMR software partners to store the medical records and PHI of their patients. This can result in some unwanted liability.
In 2015 "NoMoreClipboard" had over 3.9 million medical records compromised. This breach affected hundreds of small clients that trusted them to maintain the highest security standards. But in this day and age, breaches like this are not a question of if, but when. So when they do happen, there are steps that both the Business Associate and the Covered Entity need to take.
The first task is figuring out the "what", as in what was compromised. This is the first piece of information needed when reporting a breach to HHS. After this, the "how" goes under investigation, which may take weeks to months depending on the size and scope of the breach. For either party, contacting a legal entity familiar with HIPAA breaches would be the best first step, as they will be able to guide the party through the notification process as well as any damage mitigation it may need to undertake.
But what may be the most important factor in limiting liability between two partners is the Business Associate Agreement. This document, which needs to be kept up to date and actually signed, can go a long way toward establishing the expectations and performance the partnership was designed to deliver, and the liability each side understands itself to carry.
PatientCalls has been a leader in the medical answering service field for over 15 years, providing answering services with top-rated quality and expertise to those in need of optimizing their organizations' time and communications. Call PatientCalls today and ask for more information regarding our 14-day risk-free trial and custom flat-rate monthly price plans.