Vendors Can Be The Weak Point In Your HIPAA Compliance Efforts, Healthcare Risk Management, ft. Marc S. Voses
Marc S. Voses, partner at Kaufman Dolowich & Voluck LLP in New York City, was quoted in the August issue of Healthcare Risk Management on vendors and HIPAA compliance.
The article mentions concern that business associates can frustrate HIPAA compliance officers because they cannot be completely controlled, yet their performance can lead to a HIPAA breach for which the hospital or health system is liable. Some providers are trying to use indemnification to escape that trap, but there are limitations to that strategy, too.
“The best example of the threat is the 2011 breach at Stanford (CA) Hospital & Clinics, which was traced to a business associate’s subcontractor,” says Marc Moses, JD, a partner with the law firm Kaufman Dolowich & Voluck in New York City. A class action lawsuit against Stanford Hospital & Clinics and two business associates related to the breach affecting 20,000 patients was settled in 2014 for $4 million.