When it comes to data security, ensuring your company’s compliance can be a headache, no matter the industry. Unfortunately, this problem is made even worse by the realization that compliance requirements extend beyond your internal operations. In other words, if your third-party vendors aren’t compliant, neither are you. To lighten your load a little bit, here’s a guide for those in the health, medical, and financial industries to help you make sure your vendors are as compliant as you are.
Instances of data breaches in the healthcare industry are skyrocketing, thrusting the field into the forefront of computer engineering salary discourse.
The Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) form the foundation of the requirements that ensure the confidentiality, integrity, and availability of physical or electronic personal health information (PHI/ePHI).
In other words, if a company handles PHI and/or ePHI, it is responsible for assuring HIPAA/HITECH compliance internally, as well as with any third-party vendors with access to personal health data. Insufficient data security measures are a real threat to medical patients around the country, as 56% of provider organizations have experienced a third-party or vendor breach.
In order to protect against third-party breaches, the HITECH Act introduced legislation in 2013 aimed specifically at regulating vendors under the larger HIPAA umbrella. In the legislation, vendors are referred to as business associates (BA). Anyone who has been granted access to PHI/ePHI, or if PHI/ePHI passes through their system, is required to comply with all HIPAA regulations. Before being granted access to PHI/ePHI, third-party vendors must sign a business associate agreement (BAA), which contractually binds them to HIPAA compliance.
Instances of data breaches in the healthcare industry are skyrocketing, thrusting the field into the forefront of computer engineering salary discourse.
The Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) form the foundation of the requirements that ensure the confidentiality, integrity, and availability of physical or electronic personal health information (PHI/ePHI).
In other words, if a company handles PHI and/or ePHI, it is responsible for assuring HIPAA/HITECH compliance internally, as well as with any third-party vendors with access to personal health data. Insufficient data security measures are a real threat to medical patients around the country, as 56% of provider organizations have experienced a third-party or vendor breach.
In order to protect against third-party breaches, the HITECH Act introduced legislation in 2013 aimed specifically at regulating vendors under the larger HIPAA umbrella. In the legislation, vendors are referred to as business associates (BA). Anyone who has been granted access to PHI/ePHI, or if PHI/ePHI passes through their system, is required to comply with all HIPAA regulations. Before being granted access to PHI/ePHI, third-party vendors must sign a business associate agreement (BAA), which contractually binds them to HIPAA compliance.
No comments:
Post a Comment