Overly Quoted on HIPAA Audits Targeting Vendors

23 March 2016 Modern Healthcare News
Partner Mike Overly was quoted in a Modern Healthcare article, “Wider HIPAA Audits May Drive Stronger Vendor Contracts,” on March 23, 2016. The article discussed the announcement that vendors of healthcare organizations, termed “business associates,” will be included as primary targets in the second round of HIPAA audits by the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The audits are intended to clamp down on vendors handling patient data for healthcare organizations to ensure HIPAA-compliance and minimize security failures that could lead to a data breach. The announcement also suggests that enforcement of the OCR’s more stringent privacy and security rules could give healthcare organizations more leverage to get stronger agreements with their vendors.

Overly was quoted saying, “It will force greater visibility into what’s going on – and greater accountability. In many instances, covered entities don’t have the right to go in and audit what a business associate is doing.” He continued to explain, now that business associates are legally liable to the feds for compliance with HIPAA privacy and security rules, “covered entities will insist on having some kind of audit rights” when they sign HIPAA-mandated agreements with these vendors.


A Review of Recent Whistleblower Developments
19 July 2019
Legal News: Whistleblower Developments
Cloud security inadequate for Cyber threats, are you surprised?
19 July 2019
Internet, IT & e-Discovery Blog
Blockchain: A Tool With a Future in Healthcare
18 July 2019
Health Care Law Today
Do You Know What IMMEX Stands For?
16 July 2019
Dashboard Insights
Review of 2020 Medicare Changes for Telehealth
11 December 2019
Member Call
2019 NDI Executive Exchange
14-15 November 2019
Chicago, IL
MAGI’s Clinical Research Conference
29 October 2019
Las Vegas, NV
Association for Corporate Counsel Annual Meeting 2019
27-30 October 2019
Phoenix, AZ