Four HIPAA Compliance Tips for Business Associates

Dom Nicastro, for HealthLeaders Media, September 9, 2009

A significant issue is not just the business associate compliance, but the interpretation of the requirements by their healthcare customers. This is leading to business associates being asked to comply with hundreds of proprietary security questionnaires and requirements, adding cost and complexity to the healthcare system.

HealthLeaders Media: Are business associates ready for this change?

Nutkis: HITRUST held a Business Partner Summit to begin to explore these issues and identify ways that industry can collaborate to clarify and streamline the process. A key take-away from the summit is that organizations are spending increasingly more on business partner compliance, while overall confidence in the effectiveness of these compliance efforts is actually decreasing. This is due to both the variety of requirements and wide range of business partners with different scopes, information security programs, and risk profiles.

Using our Common Security Framework (CSF) as the overarching framework of requirements and our certification, HITRUST is actively working to help organizations address this issue by defining a single, simplified business partner compliance process.

This includes setup, assessment, remediation, reporting, monitoring, alerting, and continued improvement. Our participants believe the HITRUST model will both reduce the risk exposure and contain costs for all stakeholders.

HealthLeaders Media: Did this change your client base already?

Nutkis: HITRUST has seen a significant increase in the number of organizations adopting the CSF to comply with business partner requirements, in both instances where their customer requires it or to promote in lieu of proprietary requests.


Dom Nicastro is a senior managing editor at HCPro, Inc. in Danvers, MA. He edits the Briefings on HIPAA newsletter and manages the HIPAA Update Blog. E-mail him at dnicastro@hcpro.com.