Popular culture is filled with terrifying creatures and beings that haunt the dreams of children at night. Whether it is a ghost or demon or a villain like Freddy Krueger, there is always the common theme of a seemingly unstoppable entity that can inflict damage on whoever it wishes.
In the real world of healthcare, a more realistic villain lurks in the shadow of hospitals: cyber hackers. To combat the increasingly commonplace breaches of healthcare data that these villains cause, the government is cracking down on mismanagement between covered entities and business associates. Now, based on the HIPAA Omnibus law requirements, the government is placing the same liability for data hacks on covered entities as on business associates, even though, according to For the Record, the five largest data breaches were caused by business associates (BAs).
There are many horror stories about BAs. As recently as September of 2014, there was a breach affecting 4.9 million users of the Tricare military healthcare program, a business associate to Science Applications International Corp. According to Data Breach Today, a lawsuit has been filed against both SAIC and Tricare, and Tricare’s lawsuit is reportedly for $4.9 billion. With BAs previously taking all punishment for security breaches, hospitals and medical organizations now share the risk and liability for the vendors they choose to handle PHI. With hospitals having upwards of 200 BAs to deal with, keeping track of possible mismanagement of patient data can be very difficult. To lower the risk of HIPAA prosecution, hospitals are now requiring BAs to be HIPAA compliant and running various checks on them to make sure PHI is properly secured.
Currently, covered entities have to do these checks manually by contacting the business associates directly. This is a time-consuming process that is difficult to keep track of. However, Aegify is able to bring all these checks together in a single software solution. The BA Manager program connected to Aegify allows covered entities to run these checks on their business associates automatically and displays a dashboard that shows which BAs have complied with the required HIPAA regulations. This eliminates hours of manual work that could easily be taken over by a computer, and it gives covered entities an effective way to monitor whether BAs are complying with the security and privacy measures necessary to protect the patient.
Children may still be kept up at night by the fear of a ghost entering their room, but it is time to eliminate the fear that cyber hackers impose on everyone who has a digital footprint. By being able to effectively make sure BAs are handling important PHI data correctly, we are closer to eliminating the threat of those who try to access the common person’s information.
In the recently released Gartner CIO Agenda Report, 2015, CIOs have identified Security & Risk Management as one of their top priorities. Many of your peers have already engaged Aegify to manage their security, risk and compliance efforts. Discover why. To learn more about our BA Manager tool, please sign up to receive an update for our live webinar on the BA Manager tool led by Aegify CEO Anupam Sahai.