Privacy and Security Institute


Saturday, October 7, 2017

Adam Bullian, JD QI Express

Hospital networks are growing and are becoming more reliant on vendors to delivery critical business services. As the chain of patient information grows, the risks to the hospitals also grows. Thus, hospitals need to be proactive about who they allow access to patient information, and how their Business Associates protect information.  This presentation will provide practical steps that hospitals of all size can take to validate and manage the safeguards Business Associates employ to protect patient information.

  1. Determine when it is appropriate to exercise the right to audit Business Associates or what type of Business Associate management is appropriate for your organization;
  2. Discuss tools to effectively include the right to audit or other management activities in the Business Associate Agreement;
  3. Explain when or what should trigger an audit of a Business Associate;
  4. Discuss the best practices of auditing a Business Associate; and
  5. Evaluate the next steps after an audit of a Business Associate and how the management of the Business Associate may change.