Governance & Risk Management , HIPAA/HITECH , Standards, Regulations & Compliance

Business Associate Risks: A Report Card

Attorney Szabo on Healthcare's Efforts to Improve Security
Business Associate Risks: A Report Card

Recent breaches and regulatory audits have sharpened the focus on third-party risks. How are healthcare entities tackling this critical topic of business associate management? "Unfortunately, I think there's still a lot of uncertainty for covered entities and business associates, and a lot of work that needs to be done," says David Szabo, a partner in the Boston office of the law firm Locke Lord LLP.

See Also: A Holistic Approach to Developing a Combined Security and Compliance Program

One of the key issues for covered entities: Whether their vendors are categorized as independent actors or as agents of the entity - a key distinction. "If the business associate is your agent ... you are responsible for anything that happens within that scope of work. If the business associate has a breach, makes an improper disclosure ... the covered entity can be held directly accountable."

Szabo discussed "Vendor Management - Security, Risk and Compliance" at Information Security Media Group's recent Healthcare Information Security Summit in Boston.

In a video interview at the event, Szabo discusses:

  • How healthcare entities have progressed in managing business associates;
  • Current legal hurdles in vendor management;
  • The future outlook for scrutiny and enforcement.

Szabo is a partner in the corporate and transactional department, and a member of the healthcare and privacy groups at Locke Lord LLP. He represents hospitals, integrated delivery systems, home care companies, and other healthcare service providers. He also represents healthcare information technology companies and life sciences companies. Szabo has extensive experience in healthcare licensing and regulation, reimbursement, fraud and abuse compliance matters, and the structuring of joint ventures. His practice includes the privacy and information security law applicable to healthcare providers, health plans, technology vendors, and other organizations.


About the Author

Tom Field

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.