The HIPAA Security Rule now applies to Business Associates. We anxiously await for the final modifications due to be released in March. However, the problem is your Business Associates have access to your ePHI right now. There really is no time to wait for the auditing requirements in the HITECH Act to be further defined.
You’ve identified all your business associates and have contracts in place that require them to protect your data. But what else can you do now to ensure your Business Associates are sufficiently protecting your ePHI?
We have created a Business Associate Security Questionnaire that provides you assurance while you wait for each of your Business Associates’ Information Security Programs to come up to speed and provide testing of their own. Or perhaps you have peering agreements with other covered entities. This questionnaire applies to them too.