Over the past few years, we have seen millions of people affected by data breaches of large companies such as Anthem Insurance Companies, UCLA Health, and JP Morgan. These breaches and increased regulatory mandates have forced healthcare providers and their business associates to know, monitor, and report how sensitive PHI (Protected Health Information) data is protected. This is understandably a worrying concern for healthcare providers and there are different precautions that can be taken to help manage these situations. At PolicyMedical, we have an offering called BA Manager that can help take care of these issues and you may be find it an ideal solution, or it may be that another offering is a better fit for you. Either way, it is important to protect yourself so it does not result in multi-million dollar lawsuits. The real cost of hospital compliance is not the running costs, but rather the cost of not being properly protected.
Until recently, all that has been required of a Business Associate (BA) is a paper trail laying out the contractual relationship between a vendor and BA for HIPAA compliance purposes. These agreements usually state in broad terms that sensitive data must be protected, but today this isn’t sufficient to deal with shared liability and responsibility requirements.
Hospital compliance has never been more important. Regulations now mandate that Covered Entities and Business Associates have a deeper insight into the compliance efforts of their BAs/Vendors. Since the typical 400-bed hospital has between 300-500 BAs, the sheer magnitude of oversight and risk management renders manual compliance systems nearly useless. There’s no practical way to catalog all the BA agreements and determine their compliance, and by extension, yours. When you overlay preventative monitoring requirements, the scope of BA compliance truly spins out of control.
PolicyMedical Have Entered A New Partnership With Aegify To Help Reduce The Cost Of Hospital Compliance
Aegify, an experienced SRC (security, risk and compliance) software company, recently introduced a first-to-market product, Aegify BA Manager which:
- Establishes a unified framework and secure communication channel with oversight of all HIPAA security, risk and compliance issues and potential liabilities,
- Continuously monitors HIPAA SRC certification status,
- Tracks breaches and alerts associated with BAs and their vendors,
When this solution is combined with a contract management solution, such as Contracts Manager, it helps ensure an organization’s contracts significantly contribute to cost and risk reduction, improved control and an increase in revenue. Not all contracts require a BA agreement but all BAs require a contract and integrating the two of these solutions together provides for a more overall efficient process of managing your contracts.
Together, Aegify’s BA Manager and PolicyMedical’s Contracts Manager allow covered entities to:
- Manage in a controlled framework all of your contracts and associated BAs
- Provide a security blanket for the Covered Entity to demonstrate their oversight of all BAs
- Prevent future SRC threats and liabilities
- Record all activities for compliance recordation purposes
Covered entities will have access to seamless and automated workflows, creating an umbrella of SRC oversight and assurance. Think of Aegify and PolicyMedical as a bulletproof vest covering your BAs and all PHI data. Contracts Manager allows for a complete integration of your contracts and associated addendums that include your BAs. This allows for not just more efficient housing, but proper security oversight of all your BAs as well.
It may be that the combination of these two applications would work well for your company’s current situation, or it may be that it might not be quite the right fit. In order to help you figure that out, we would be happy to talk through the offerings and others offered on the market, in order to help you arrive at that decision. Please contact us, to find out more or request a free no obligation demonstration.