Online Safety Community

HIPAA compliance for offshore vendors

In this age of outsourcing and globalization, and with it the emerging phenomenon of the Internet of Things (IoT), it is quite a tempting proposition for HIPAA Business Associates or Covered Entities to think of outsourcing their processes relating to Protected Health Information (PHI). However, as is to be expected, there is risk involved in outsourcing this kind of information, given the critical importance of these healthcare records and the fact that there is a lurking black market for healthcare information.

In addition to the logistical problems associated with offshore vendor management, there is also the legal element of HIPAA compliance for offshore vendors. In strictly legal terms, HIPAA does not prohibit the Business Associate or Covered Entity from outsourcing its work pertaining to maintaining PHI. There is no explicit mention or provision in the HIPAA Privacy and Security Rules which states where PHI, either paper or electronic, has to be stored, although other laws such as some State Medicaid programs do so. Since HIPAA does not state this, it is largely left to the discretion of the Business Associate or Covered Entity to decide what to do with offshore vendors.

What happens when there is a breach of data?

The problem of offshore vendors for the PHI of Business Associates arises when there is a breach. The current provisions of the HIPAA Privacy and Security Rules do not offer sufficient strength to the OCR to legally pursue a Business Associate whose operations are located overseas. There are many grey areas in HIPAA when it comes to this aspect. The reach and power of the OCR, or for that matter a state attorney general, is rather limited when it comes to enforcement action for an offshore vendor. It is rather diluted compared to the ease and legal authority with which it can enforce actions for data breaches on a domestically located Business Associate or Covered Entity.

In view of this, it is left to Business Associates to decide how they handle the PHI aspect of offshore vendors. The usual step taken by most Business Associates is to add an extra layer of scrutiny and diligence into the process of maintaining the confidentiality of the PHI.

  • A few Business Associates make it a point to audit the offshore location at fixed times by sending their personnel to ensure that records are secure
  • Others have strict procedures such as prohibiting the entry of mobile phones, cameras and other devices into places in which the data is stored

A learning session on all the aspects of HIPAA compliance for offshore Business Associates

Despite these measures, there is no denying that the issue of offshore Business Associates is fraught with many uncertainties and complexities. It is to unravel these that MentorHealth, a leading provider of professional trainings for the healthcare industry, will be organizing a webinar.

The speaker at this webinar will be Paul Hales, an attorney at law in St. Louis, Missouri whose practice has included specialization in the HIPAA Privacy and Security Rules from the dates they became effective. To enroll for this session and gain clarity on the grey areas of HIPAA provisions for offshore Business Associates, read more:

http://www.mentorhealth.com/control/w_product/~product_id=800981/?s...

Steps to take to address data breaches

At this session, Paul will talk about HIPAA compliance issues and offshore Business Associates. He will also suggest the kind of due diligence that should ideally go into this matter. The topics of Agency and offshore Business Associates and the steps to address risks posed by transmitting and storing PHI outside the United States will also be taken up.

This is a topic that is of high importance to professionals involved in HIPAA and its various aspects, such as healthcare providers, Business Associates, HIPAA Compliance Officials, Risk and Compliance Managers, Information Systems Managers, Contract Managers, and Legal Counsel. During the course of this session, Paul will cover the following areas:

  • Explain the Covered Entity - Business Associate - Subcontractor Business Associate chain of trust, responsibility and inter-linked liability
  • Review the limits of U.S. government regulation of offshore Business Associates
  • Review Due Diligence - the benefits and consequences of controlling Business Associates
  • Review provisions of the BAA that may reduce risk and improve opportunities for private remedies.
