Things are a bit out of balance when it comes to Business Associates (BAs) in healthcare. Organizations invest a great deal of time and resources in vetting these third parties to make sure that they will safely handle data from the covered entity. But, when the relationship ends, those same organizations may overlook the risks to their data post-separation.
The problem is complex because different BAs will fall under different regulations and use data differently. Some may process but not retain data. Others may have terabytes of your data to return or destroy immediately. For others, there may be a law or regulation requiring them to hold onto that data for several years.
The compliance team, explains Marti Arvin, Vice President, Chief Compliance and Privacy Officer at Erlanger Health System, needs to ensure it is part of the process whenever a BA relationship is coming to an end. At that point, it’s time to reach out to the BA to ensure there is a plan in place for how data will be handled, and to begin documenting the process. This helps in case there is an incident later.
Listen in to learn more about what you can and should be doing to ensure that the close-out process is as healthy as it should be.