HIPAA Compliance and Business Associates: Managing the Business Associates Relationship 'Safely'
This session will cover the intricate relationship between the patient, the covered entity and business associates. This will include processes to identify the business associate, the process to qualify a business associate, key ways to exchange information and why you should encourage the business associates to sign your business associate agreement. This session will include SOC 1 and SSAE 16 documents as well as providing the key questions that you should ask every business associate.
Why should you attend:
Covered entities have been entrusted to protect patient health information, but what happens when they share that information with a third party? What steps can the organization take to minimize the risks to the patient and the organization? There are many examples of organizations having to advise HHS, the Media, and the patient about a breach caused by their business associates. This session will review an approach for conducting due diligence to mitigate the risk imposed on organizations by sharing this data.
Areas Covered in the Session:
Who Will Benefit:
- Identifying your business associates
- What steps, questions, etc. should be taken before giving access to a business associate?
- How will the exchange of information occur?
- What if the Business Associate wants you to sign their agreement?
- Documenting your agreements and due diligence
- Information Security Officers
- Risk Managers
- Compliance Officers
- Privacy Officer
- Health Information Managers
- Information Technology Managers
- Medical Office Managers
- Chief Financial Officers
- Systems Managers
- Legal Counsel
- Operations Directors
Upon completion of this activity, participants will be able to:
- Discuss the processes to identify the business associate, the process to qualify a business associate, key ways to exchange information and why you should encourage the business associates to sign your business associate agreement.