Given the plethora of breaches that target the healthcare industry, and with BAs accounting for a disproportionately large percentage of all HIPAA breaches involving 500 or more individuals, it is a necessity that CEs appropriately manage their business associate risks.  Simultaneous with BAs becoming statutorily obligated to comply with the Privacy, Security and Breach Notification Rule, the rules themselves strengthened the language around managing downstream BAs, sub-BAs, etc.  Given these changes, CEs, BAs, sub-BAs, sub-sub-BAs, etc now must all have both compliance risks and actual breach risks to address. This session is designed to help CEs and BAs understand and act on the importance of managing business associate risks.

---

Learning Objectives:

• Review the specific regulatory requirements for BA management
• Create an outline of strict requirements for Business Associates and their BAAs
• Develop a Vendor/Business Associate Management Program Plan

Bob Chaput, CISSP, HCISPP, CRISC, CIPP/US, CEO, Clearwater Compliance LLC