Post-Breach Break-Ups: Is it Time to End a Business Associate Relationship?

This webinar is Part 3 of 4 in the “I Heart HIPAA” webinar series.

Whether it’s a vendor engaged by your electronic medical record (EMR) provider, a pharmacy third-party administrator (TPA), or a local consultant providing coding support, business associates frequently report breaches to covered entities. Some reports include tight timelines requiring the business associate to make breach notifications on behalf of the covered entity. Others arrive with limited information or incomplete data, complicating the covered entity’s ability to meet its notification obligations.

Once the breach notification process concludes, covered entities are often left with difficult questions: Should the relationship continue? What steps can be taken to reduce future risk and better protect the organization?

Learning Objectives:

• Identify the breach notification requirements for covered entities and their business associates under the HIPAA Breach Notification Rule
• Provide a practical framework for evaluating a business associate’s breach response and determining whether to continue the relationship
• Describe contractual provisions health centers can incorporate into business associate agreements (BAAs) to mitigate financial and legal risk following a business associate breach

Audience:

• CMOs
• COOs
• Compliance Officers
• Risk Managers
• Clinical Leadership
• HIPAA Privacy Officers
• HIPAA Security Officers

Presenter:

• Dianne Pledgie