Medical VARs who sign HIPAA Business Associate Agreements (BAA) commit themselves to implementing various safeguards to protect their clients’ confidential information. To facilitate compliance, Eagle/Interhack offers consulting services to help VARs assess their security risks, create a comprehensive set of VAR policies and procedures, and create sample contracts for clients and subcontractors.
The revised HIPAA BAA specifications, which all medical practices must implement by 4/21/2005, require that VARs implement physical, technical, and administrative safeguards to protect confidential information. VARs should understand that this short legal phrase references widely accepted methods and standards in the computer security field.
VARs, the providers of security for their clients, are often like the shoemaker's children with no shoes. Implementing their own security program will protect both the VAR and the VAR's clients. More specifically, benefits include:
Reduce Time and Expense of Compliance – Reduce staff time as well as legal involved in deciphering these regulations and learning security practices
Increase Sales – Implementing a compliance program and promoting this action gives your organization a credibility edge in competitive situations. After completing the compliance process and training your staff, all company personnel will speak to potential clients with first-hand experience of your commitment to compliance with the BAA.
Manage Risk – Implementing these policies manages your legal liability, including liabilities stemming from the BAA as well as state laws.