The Omnibus Rule implementing the HITECH Act made several changes to the HIPAA Privacy and Security Rules that profoundly changed the dynamic between health care providers and vendors. In addition, the Breach Notification Rule standards for what constitutes a reportable breach were profoundly modified. Business Associates are now directly responsible for demonstrating their compliance with the HIPAA rules and will be subject to Office for Civil Rights (OCR) audit and investigation, which significantly impacts how providers need to manage their vendors. In this new environment, providers must hold their vendors more accountable, ensuring that any vendor handling PHI on their behalf addresses its protection and integrity, and must be more critical in selecting business partners.
This has become more important than ever, as recent regulatory changes have granted the Office for Civil Rights (OCR) more authority in assessing and penalizing non-compliance.
This webinar presentation, hosted by Ober|Kaler and CynergisTek, reviewed those regulatory changes and shed light on what must change in the relationship between covered entities and business associates. Presenters James Wieland and David Holtzman reviewed strategies and highlighted best practices to ensure that these business partners understand how to develop an effective, compliant relationship that ultimately improves the confidentiality and security of patient information. Jim and David discussed how to establish a lifecycle vendor management system to create a successful partnership with business associates.