{"id":2385,"date":"2013-04-11T00:00:00","date_gmt":"2013-04-11T00:00:00","guid":{"rendered":"http:\/\/otava.test\/how-to-ensure-business-associates-are-hipaa-compliant\/"},"modified":"2013-04-11T00:00:00","modified_gmt":"2013-04-11T00:00:00","slug":"how-to-ensure-business-associates-are-hipaa-compliant","status":"publish","type":"post","link":"https:\/\/www.otava.com\/blog\/how-to-ensure-business-associates-are-hipaa-compliant\/","title":{"rendered":"Ensuring Business Associate Compliance: Are You Doing Your Due Diligence?"},"content":{"rendered":"

Business associates should be required to provide some type of evidence or proof of compliance to their covered entities.<\/em> – Healthcare Information Security Today: 2013 Outlook Survey<\/p>\n

This quote comes from a study that reports only 32 percent of survey respondents of a healthcare director\/manager of information technology demographic expressed confidence in the security controls maintained by their business associates – a dismal number considering the risk taken when partnering with a HIPAA cloud hosting<\/a> or HIPAA colocation<\/a> provider.<\/p>\n

When asked about what steps covered entities have taken to ensure business associates are HIPAA compliant, only 25 percent obtained a copy of their BA\u2019s security audit, and 12 percent commissioned a third-party validation of their policies and procedures. While the last figure is understandable as it requires an investment of time and money, there should be no excuse for not checking a security audit report (unless the business associate doesn\u2019t have one).<\/p>\n

\"2013<\/a>
2013 Business Associate Compliance<\/figcaption><\/figure>\n

Read more about compliance with hosting business associates in 100% HIPAA Compliant<\/a>.<\/p>\n

Thirty percent required business associates complete a security questionnaire, although the report doesn\u2019t provide much in terms of details. For a list of questions to ask your potential HIPAA hosting provider, read Five Questions to Ask Your HIPAA Hosting Provider<\/a>.<\/em><\/p>\n

The greatest percentage of respondents modified business associate agreements (BAAs) to provide more details, at 69 percent. What should the contractual terms look like? Briefly, BAs are required to:<\/p>\n