MACRA, MIPS and the October 2 deadline has kept us busy conducting HIPAA Security Risk Assessments. This year, in response to the history of settlements and the amount of breaches related to Business Associates practices, we decided to change our tools appropriately to adjust for these trends. Our findings so far have been quite alarming and clearly displays a recipe for failure.
Over 8 million dollars were paid in just two settlements due to the lack of a business associate agreement. There are already quite a few cases that demonstrate the importance of formalizing your relationship with your subcontractors and making sure that those that meet the requirements of a Business Associate are treated as such. For example: