Healthcare Information Security Podcast

Healthcare organizations must revamp their business associate contracts to help ensure compliance with the HITECH Act's breach notification rule, says security expert Tom Walsh. In an interview, Walsh points out that under the rule, business associates, such as banks, billing firms and software companies, that have access to protected health information must report breaches to their healthcare partners, such as hospitals and physician groups, as well as affected patients. He advises healthcare organizations revamping contracts to: Spell out what breach-related information the business associate must collect to meet HITECH requirements. Specify who the business associate should contact by phone at a healthcare organization in the event of a breach, and prohibit the use of e-mail for notification. Require the business associate to have insurance to cover the cost of breach-related expenses. Spell out that the business associate must comply with all aspects of the HIPAA security rule. Require the business