New Assessment Program Helps Covered Entities Monitor The Compliance Status Of Their Business Associates

Share Article

CompliancePoint, a PossibleNOW company, announces a new Risk Assessment program that enables Covered Entities to monitor the compliance status of their Business Associates. The Business Associate Monitor program goes further than the standard Business Associate agreement by requiring a valid Report of Compliance from affiliated organizations.

"Our Business Associate Monitor Program helps Covered Entities reduce their overall risk of financial penalties and damage to their organization’s reputation.”

CompliancePoint, a PossibleNOW company, announces a new Risk Assessment program that enables Covered Entities to monitor the compliance status of their Business Associates. The Business Associate Monitor program goes further than the standard Business Associate agreement by requiring a valid Report of Compliance from affiliated organizations. CompliancePoint, a Certified HIPAA Security Professional firm, also provides risk mitigation advisory services and a security incident response team in the program.

“The HITECH Act tightened information security breach notification requirements and established the fact that Covered Entities are responsible for the compliance activities of their Business Associates,” explains Jerry Wyble, VP & Practice Manager of CompliancePoint. “This puts a greater burden on Covered Entities to monitor what their Business Associates are doing regarding information security compliance, particularly with protected health information. Our Business Associate Monitor program gives Covered Entities a comprehensive approach to meeting and maintaining compliance initiatives throughout their electronic PHI network.”

The Business Associate Monitor program includes a thorough Risk Assessment of the Covered Entity’s Business Associate network. This assessment ensures the confidentiality and integrity of PHI data throughout the network. The assessment also identifies existing vulnerabilities within the organization and provides a detailed corrective action plan to mitigate this risk. The program can serve as a baseline to prepare for the audits by the Office of the National Coordinator for Health Information Technology and for all future information security initiatives.

Covered Entities need the ability to effectively manage and assess the risks throughout their network of Business Associates. To make this time-consuming task viable, the program includes CompliancePoint’s Compliance Automation Portal, a Software-as-a-Service solution. The Portal provides an easy-to-use standard interface for all Business Associates to report their activities and compliance status to a Covered Entity. The Portal centralizes the management and documentation for information security compliance initiatives and simplifies the activities required to demonstrate ongoing management and compliance with HIPAA HITECH.

“We tailor our Risk Assessments to meet the unique needs of each industry that we serve,” says Wyble. “Our Risk Assessment for Healthcare Business Associates examines numerous factors including the general rules for security standards, how Business Associates will manage and protect PHI, and the technology, policies and procedures in place to protect PHI. All of this helps Covered Entities reduce their overall risk of financial penalties and damage to their organization’s reputation.”

CompliancePoint offers a broad array of consulting services and technology solutions for the healthcare industry including a Risk Assessment Program for physicians, and Compliance Assessments for both Covered Entities and Business Associates. CompliancePoint also offers a Meaningful Use Risk Assessment that helps organizations correctly utilize Electronic Health Records technology.

For more information about the Business Associate Monitor Program or other CompliancePoint Risk Assessments for the healthcare industry, visit http://www.compliancepointis.com.

About CompliancePoint
CompliancePoint, a PossibleNOW company, is headquartered in Duluth, Georgia. CompliancePoint’s Information Security Compliance practice group provides consulting, audit and training services on business privacy and data security issues including PCI Certification and HIPAA assessments. Additional services include information security risk assessments and remediation services, network penetration testing, and information security training.

The CompliancePoint Information Security staff hold numerous IT & Security credentials including Certified Information Systems Security Professional (CISSP), Certified HIPAA Professional (CHP), PCI Qualified Security Assessor (QSA), Payment Application PCI Qualified Security Assessor (PA-QSA), Certified FISMA Compliance Practitioner (CFCP), Certified Information Security Manager (CISM), Certified Secure Software Lifecycle Professional, and certified TG-3 auditors.

For more information, call (800) 585-488 or e-mail hipaa(at)compliancepoint(dot)com or visit http://www.compliancepointis.com.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

BEVERLY OSCHERWITZ
PossibleNOW
(770) 255-1020 x1034
Email >
Visit website