Recently, Ed Ricks, CIO at Beaufort Memorial Hospital had an interview with Marianne Kolbasuk McGee with HealthcareInfo Security.
It is a very relevant and timely discussion since The Department of Health and Human Services' Office for Civil Rights' "wall of shame" website shows that business associates have been culprits in at least 17 percent of breaches affecting 500 or more individuals.
In the interview, Ed discusses the importance of monitoring Business Associate access, and how his organization ensures BA agreements are current and their vendors are treating PHI as securely as the hospital does.
He also speaks to how the hospital made a conscience effort to focus on vendor risk management, and with the use of technology it fostered improvements in process. Beaufort Memorial uses Iatric Systems Partner Risk Manager to monitor vendor agreements, and help manage the assessment of risk with their 200 vendors.
He stressed that the technology department is there to assist in caring for patients, not being a hindrance to that. Ed continued to highlight how technology must be married with best practices and staff education to best secure data.
Please read the full article below for the detailed information including a 20 minute podcast:
Vendor risk management is the right thing to do to ensure patient trust, but more importantly, HIPAA Omnibus Rule mandates that all Business Associates who will interact with protected health information be evaluated for risks to patient privacy.