Learn how to implement an effective vendor management program, how to read and understand a HIPAA Business Associate Agreement, and how to spot common red flags and pitfalls.
Why should you Attend:
How would you like to get blamed for a HIPAA data breach you didn't cause? It can happen if you don't manage your healthcare organization's vendors correctly. Every healthcare practice relies on an army of vendors to keep operations running smoothly.
Good technology vendors are key, from EHR vendors to IT consultants to cloud-based email and file services.
Handled correctly, these vendor relationships can reduce cost and risks, as you offload highly technical services to specialized professionals.
But do it wrong, and you could find yourself on the hook for a vendor's mistakes. Fortunately,HIPAA provides a way to protect your organization and ensure that privacy and security is covered everywhere, whether the systems are in-house or managed by a HIPAA Business Associate
Areas Covered in the Session:
- Introduction: the HIPAA Business Associate Agreement (BAA)
- HIPAA fines for Failure to Execute a valid BAA
- Which vendors require a BAA? Which vendors don't?
- The HIPAA conduit Exemption
- Who should write the BAA, the Provider or the Vendor?
- Working with Smaller Companies, Consultants, and Freelancers
- How to read a Business Associate Agreement
- Ten terms required by the Department of Health and Human Services
- Weasel words and traps to watch out for
- Live session only: Bring your own BAA or a vendor's BAA and review it live during Q&A
Mr Michael Herrick,
Michael Herrick is a serial entrepreneur with more than 25 years experience building technology companies. He is the founder and CEO of Matterform, a tech strategy firm and software development shop. He has launched software products on everything from floppy disk to SAAS and he debuted ecommerce shopping cart technology three months before the launch of Amazon.com.
Michael's passion for big problems has led him in recent years to focus on healthcare technology. He is the senior risk analyst for HIPAA.host,securing healthtech startups, hospitals, and healthcare practices. Michael is also the co-founding CTO of Medicheck, a Guadalajara startup bringing electronic health records to Latin America.
Michael's cybersecurity consulting is driven by his unique perspective combining technology and policy with an unwavering focus on human-centered design.