Have you Audited your HIPAA Business Associates?
This question comes up frequently when we are working on HIPAA Policies and Procedures for our clients. The answer is rarely “yes”. We find that most folks don’t even know where to begin with this process, or they’ve been using the services of Business Associates for so long, they haven’t given their Business Associates’ compliance stance a second thought.
The reason this is so important for your business is, the Omnibus Ruling there is the federal common law of agency provision. This means that your business is liable for civil money penalties for a violation committed by a workforce member or a Business Associate. I’ve attached the law below for you to read.1
Here are some previous articles we’ve written about why HIPAA Compliance is so important for your Business Associates, and information about Phase 2 audits.
- Business Associates Must Take HIPAA Compliance Seriously
- OCR’s Phase 2 of HIPAA Audit Program Focuses on Business Associates
What kind of questions should you ask? Well, we’ve put together a short questionnaire for you to give to your Business Associates. If they answer “NO” to any of these questions, it means your Business Associate isn’t HIPAA Compliant, and you have a MAJOR liability issue on your hands!
Register here to receive your free BA/Subcontractor Audit Checklist:
- 45 CFR 160.402 (1) A covered entity is liable, in accordance with the Federal common law of agency, for a civil money penalty for a violation based on the act or omission of any agent of the covered entity, including a workforce member or business associate, acting within the scope of the agency.