Help Me With Hipaa

Trust but verify is the new standard when it comes to Business Associate relationships today.  Yes, they must sign a BAA but you really need to ask some questions to confirm those BAs understand and are doing the things they have agreed to do for you. Covered Entities (CEs) haven't really worried about the details of the contracts too much as along as the vendors would sign them.  Many vendors have signed, and continue to sign, BAAs without any concerns at all for what the contract actually says they are going to do in their business.  For so many years a BAA was just something you had to sign in order to do the work in healthcare.  It didn't matter at all if you did anything with it other than put it in the file with other ones you had signed.  The new world of HIPAA compliance, huge data breaches, and civil fines and penalties means neither side of the contract can function that way any longer.  It is imperative that HIPAA compliant vendors are vetted in some manner to confirm you really are protecting your