Potential Business Associate Screening Questionnaire Now Available on Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes


You do not necessarily have to ask a potential business associate to complete all or portions of the questionnaire that I have developed and made available for you on the Premium Member section of the Veterans Press website. As I discussed in my February 18, 2013, blog item, “You’d Better Not Control Your Business Associate’s Performance!,” before the HITECH Act and the Omnibus Rule, you were liable for breaches by your business associates—and now your downstream business associates (subcontractors)—only if you had actual knowledge of the breach and did not do anything to remediate it. Now, however, covered entities and upstream business associates can be liable for breaches by their business associates and their subcontractors under the federal common law of agency. In this complicated area of the law, you can be liable if you exercise too much control over how the business associates or subcontractors perform their duties for you under the contract.

If you are going to be potentially liable under this vague theory, does that potential liability mean that you have to audit your business associates or subcontractors for HIPAA compliance? No one really knows the answer to that question. And if you do audit them, does that audit constitute exercising too much control? Do you have the expertise to competently audit them? And if you do, do you have the time and resources to audit multiple business associates?

A number of business associates have hired my consulting firm, EMR Legal, Inc., to audit them for marketing purposes. Thus, they can say, “You don’t have to worry about auditing our operations because EMR Legal has done so and has awarded us its certificate as a HIPAA compliant business associate.”

So trying to find a middle ground to protect the covered entity and upstream business associate short of a full audit, I thought that a questionnaire to have the prospective business associates fill out and submit to you would not constitute too much control over how they performed their day-to-day operations because they are not your business associates yet. That new questionnaire is now available on the Premium Member section of the Veterans Press website for you to use as a template to adapt to your own needs.

Also, again, as a reminder, if you bought the HIPAA Compliance Library that includes my 5th edition of the Compliance Guide to HIPAA and the DHHS Regulations, you received with it a one-year free subscription to the Premium Member section. If you need help setting up your account to access the Premium Member section or want to arrange to buy a one-year subscription, please call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com.

While you are talking with Patrick, ask him about our upcoming two-day Hands-on HIPAA Workshop aboard the Queen Mary anchored in Long Beach, California, October 16-17, 2014.

seo by: k.c. seo