Are your vendors creating risk for your practice?
Unfortunately, the answer is probably ‘yes’. All too often, vendor risks and contracts are not managed correctly.
In the last six months of 2020, almost 75% of reported breaches were tied to third-party business associates.
It’s no secret that modern medical practice relies on many business associates and data management vendors, especially with the increase in electronic protected health information (e-PHI). It is essential to make sure that your vendors are protecting your data and your patients’ data.
How can you ensure your data is protected?
First, a good contract is essential to protecting you from HIPAA breach liability. Aside from detailing the work to be performed and the payment terms, your vendor contracts should also cover topics such as:
- What due diligence should be performed;
- How often a vendor’s security performance should be monitored;
- How audits should be performed; and
- How the data is actually secured.
Having a lawyer help negotiate effective vendor contracts and Business Associate Agreements can help reduce liability for the healthcare provider.
With healthcare breaches on the rise, it is more important than ever to ensure that your data is secure.
Vendors should be able to tell providers what measures are in place to protect data. They should have strong technical controls, along with strong procedural controls. Procedural controls include custom code, custom programming, and ensuring that the code and programming are from the same standards that you have. Your Business Associate Agreement should also protect your data.
Make sure you keep your Business Associate Agreements updated as your practice needs evolve.
Business Associates are directly liable for breaches to the same extent as covered entities, but your Business Associate Agreement needs to clearly set out their liability.
Source: Rickard & Associates, one of TPA’s Affiliate Partners, offers a myriad of legal solutions to healthcare providers, including vendor contracts. Contact Lori-Ann Rickard at (586) 498-0600 or firstname.lastname@example.org.