How important is protecting the patient health information (PHI) to your vendors?

By Carol Amick

As healthcare providers continue to search for ways to cut costs and increase efficiency, many are outsourcing selected services. One report indicated that 98 percent of the hospitals surveyed were either actively considering outsourcing or had already done so. Outsourcing is expanding beyond non-core functions to clinical areas, as healthcare providers look for ways to decrease costs and increase quality. While outsourcing can be a cost-effective move, failure to properly assess and manage risks related to protected health information (PHI) can create legal and reputational issues for the organization.

However, outsourcing and relying on vendors to perform activities that involve access to PHI increases the risk to a covered entity. Over the past three years, the Health and Human Services Office for Civil Rights (OCR) has issued approximately $6,000,000 in financial penalties in cases where failure to obtain a signed HIPAA-compliant Business Associate Agreement (BAA) from at least one vendor was either the sole reason for the financial penalty or contributed to the severity of the penalty.

The HIMSS 2019 Cybersecurity Report noted that 30 percent of the healthcare vendor respondents had not experienced a significant security incident in the prior 12 months. This means that 70 percent had experienced a significant security incident.

HIPAA requires that covered entities have Business Associate Agreements (BAAs) with vendors that have access to PHI to perform duties on behalf of the covered entity, or whose systems electronic PHI (ePHI) passes through. The HITECH omnibus rules require that business associates comply with the Security Rule with regard to ePHI, report breaches of unsecured PHI to the covered entity, comply with applicable requirements of the Privacy Rule, and ensure their subcontractors agree to the same regulations.

While a BAA does provide a covered entity with some legal assurances, a BAA does not necessarily indemnify a covered entity against financial penalties for a breach if the covered entity failed to obtain “satisfactory assurances” of the vendor's security. Nor will a BAA protect the entity’s reputation. Quest Diagnostics recently experienced a breach, by one of its vendors, of financial data for approximately 11.9 million patients. While the breach was the fault of the vendor, the media focus and public attention are on Quest Diagnostics.

It’s important to consider whether the data an organization is entrusting to a vendor are protected. What is the organization doing to ensure that vendors who access ePHI understand their obligations and expectations?