Ask These 16 Questions to Avoid Violating HIPAA Regulations
Before your healthcare organization signs with a Healthcare IT Support Company, make sure they sign a HIPAA-Compliant Business Associate Agreement. If they don’t, and a data breach occurs, YOU will be held responsible. It’s your job to ensure all your business associates meet HIPAA privacy and security requirements.
A Business Associate Agreement defines levels of performance to be delivered by your Healthcare IT Support Company, and your rights as their client. It’s an effective tool for aligning their responsibilities with your requirements as a healthcare organization.
When reviewing a Business Associate Agreement with your Healthcare IT Support Company, ask the following 16 questions:
- What’s their track record in providing information technology services to healthcare practices and organizations?
- Will they provide Security Audits to ensure HIPAA Compliance?
- Do they document procedures?
- Will they guarantee in writing that software or services provided comply with all federal and state mandates?
- Will they immediately notify you of any data breaches?
- Do they have a plan for security, backups, and restoration, including the testing methodology used?
- Do they outline which security measures are required for supporting connectivity to the Internet (e.g., firewalls, virus protection, spyware protection, password security and other security devices to limit access to networks and applications)?
- Will they ensure the technology they implement aligns with your operations and interfaces with the key systems and processes you use?
- Do they provide guarantees for uptime and service level agreements?
- Is there a cost to contact support staff with inquiries? Is this cost included in the package, or is there an additional fee?
- How quickly will they respond to IT issues as they arise?
- Do they have a plan for failures and extended downtime? How quickly can they restore vital operations after a failure?
- Are maintenance services, such as software upgrades, new features, product offerings, and customer service (e.g., a 24/7 help desk or other tech support), available to keep systems operating effectively?
- Will they train your staff on new technology? How many hours of training are included in the agreement?
- Are the termination provisions clear? Both your practice and the Healthcare IT Support Company should know when and how to terminate the agreement.
eMDTec will provide answers to all these questions and more, along with a signed Business Associate Agreement to prove we are compliant with HIPAA privacy and security requirements. For more information, contact our Healthcare IT Specialists at (800) 979- or firstname.lastname@example.org.