James

Are your vendors TRULY Compliant with HIPAA?

Updated: Apr 10, 2021


It's James, and in my continuing series on SMB Cybersecurity, I am back with another short entry for the healthcare industry to help keep your organization safe. As usual, I'm going to ask a lot of questions, and hopefully provide some of the answers.


As a healthcare provider or payer, you already know you have to be HIPAA compliant. And you know that your suppliers and vendors have to be HIPAA compliant.

But how do you know that your suppliers and vendors actually are HIPAA compliant? They are your Business Associates (BAs), and your compliance is dependent on their compliance.

Because the law applies, you have HIPAA compliance (hopefully) baked into your processes in working with protected health information (PHI, ePHI). You choose vendors based on their compliance as well, right? Do you know who all of your BAs are, and what their responsibilities are? Do they?