Carefully managing your Business Associates agreements (BAA) is important. At PrivaPlan we can’t emphasize that enough. The following story illustrates why.
As if going to the dentist doesn’t cause enough anxiety, last week 4300 dental patients learned that their personal records may have been compromised. Massachusetts General Hospital (MGH) in Boston contacted the patients about the privacy incident involving hackers accessing the electronic files of a third-party vendor.
That vendor, Patterson Dental Supply Inc. (PDSI), supplies dental practice management software for MGH’s dental practice. Boston Business Journal reports that an unauthorized individual accessed PDSI’s files, including information on MGH’s dental practice patients.
In its notification, MGH said the privacy incident did not involve any unauthorized access to the hospital’s files or systems and that the vendor has already enhanced the security of the systems that maintain dental records.
Still, the damage is done and patient records were potentially compromised, but it could have been worse for the hospital. David Ginsberg, President of PrivaPlan Associates Inc., explains and emphasizes the importance of ensuring that BA agreements protect you in the event of a breach. “For example,” he says, “as in the case of MGH, your BA agreements should require the vendor to compensate for the costs associated with patient notification and providing identity theft coverage, as well as website updates announcing the breach.”
Ginsberg says it’s imperative to make sure that all vendors who are Business Associates have signed and sent in their BA agreements. Often these “fall through the cracks” after being sent out for signature. Also, you need to keep an up-to-date list of Business Associates including contact names and information.
At PrivaPlan, our HIPAA experts can take the anxiety out of ensuring that BA agreements are current and we’ll validate that an agreement with the proper language is in place for every vendor who is a BA.
Contact us at firstname.lastname@example.org or call 877-218-7707.