X

Third Party (BA) Contract and Privacy and Security Risk Management

HIPAA covered entities (CEs) and business associates (BAs) are required to manage their BAs from both a contract standpoint, and in relation to information privacy and security safeguards.

The HITECH-OMNIBUS final rule stepped up the requirements for both CEs and BAs who must now include the new requirements in their information privacy and security risk analysis and management program.

Read more: Components Of A Risk Management Plan You Must Know

The problem is that many CEs and BAs are trying to manage this daunting and potentially high volume task in a manual way with limited resources.

The solution is to implement an automated electronic way to manage this process. If this solution intrigues you, let us show you how you can to do it.

Here are some additional bullets about the services we offer upon request for Third Party (BA) Privacy and Security Risk Management:

We will:

  • Assist with the development of your BA inventory categorized by risk tiers
  • Organize and populate all relevant BA organizations and primary contact information into your ComplyAssistant portal
  • Provide detailed training to all third party BAs included in this PROGRAM on how to properly complete ComplyAssistant’s electronic assessments that covers the HIPAA-HITECH-Omnibus Privacy, Security and Breach Notification Rules (“ASSESSMENTS”)
  • Distribute ASSESSMENTS to all BAs included in this PROGRAM via your ComplyAssistant portal
  • Review each completed assessments’ answers and supporting documentation (e.g. spreadsheets, word documents, screen shots, etc.) to properly assign risk levels, documented operational compliance relevance, and risk mitigation tasks
  • Present findings to your management team

Visit our Vendor risk management software page and healthcare cybersecurity services page to learn more about these services.

The team at ComplyAssistant!