AS A BUSINESS ASSOCIATE WE ARE OBLIGATED TO COMPLY WITH THE SAME HIPAA SECURITY STANDARDS AS THE COVERED ENTITY

 

(A) Implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that it creates, receives, maintains, or transmits on behalf of the covered entity;

(B) Ensure that any agent, including a subcontractor, to whom it provides such information agrees to implement reasonable and appropriate safeguards to protect it;

(C) Report to the covered entity any security incident of which it becomes aware;

(D) Authorize termination of the contract by the covered entity, if the covered entity determines that the business associate has violated a material term of the contract.

(E) Maintain Policies and Procedures that address all of the HIPAA Security Rules, just as the Covered Entity does.

(F) Undergo the same enforcement measures as the Covered Entity, including OCR Audits.

(G) Incur fines and penalties for breach of information, or for mishandling of storage or transport elements that results in vulnerabilities to PHI.

 

DO YOU HAVE A BUSINESS ASSOCIATE AGREEMENT WITH YOUR IT SERVICE PROVIDER AND CAN THEY MEET ALL OF THE HIPAA REQUIREMENTS?