Overview:

Learn how to implement an effective vendor management program, how to read and understand a HIPAA Business Associate Agreement, and how to spot common red flags and pitfalls.

Why should you Attend: How would you like to get blamed for a HIPAA data breach you didn't cause? It can happen if you don't manage your healthcare organization's vendors correctly. Every healthcare practice relies on an army of vendors to keep operations running smoothly.

Good technology vendors are key, from EHR vendors to IT consultants to cloud-based email and file services.

Handled correctly, these vendor relationships can reduce cost and risks, as you offload highly technical services to specialized professionals.

But do it wrong, and you could find yourself on the hook for a vendor's mistakes. Fortunately,HIPAA provides a way to protect your organization and ensure that privacy and security is covered everywhere, whether the systems are in-house or managed by a HIPAA Business Associate

Areas Covered in the Session:

• Introduction: the HIPAA Business Associate Agreement (BAA)
• HIPAA fines for Failure to Execute a valid BAA
• Which vendors require a BAA? Which vendors don't?
• The HIPAA conduit Exemption
• Who should write the BAA, the Provider or the Vendor?
• Working with Smaller Companies, Consultants, and Freelancers
• How to read a Business Associate Agreement
• Ten terms required by the Department of Health and Human Services
• Weasel words and traps to watch out for
• Live session only: Bring your own BAA or a vendor's BAA and review it live during Q&A

• Practice Managers
• Privacy Officers
• Compliance Officers
• COOs