Offshore services are a popular option for many businesses. The ability to work around the clock from different sides of the planet is one thing but the cost savings are the primary driving force for this solution. When it comes to HIPAA Business Associates, though, there are a lot of variables that must be considered when deciding whether to offshore or not.
In this episode:
Offshore or Not? – Ep 312
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
The HIPAA Boot Camp
Virtual Edition Aug 17-19, 2021
Great idea! Share Help Me With HIPAA with one person this week!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
If you see a couple of numbers on the left side you can click that and go directly to that part of the audio. Get the best of both worlds from the show notes to the audio and back!
HIPAA Say What!?!
[06:53] CISA – Bad PracticesCISA recently released a new site designed to list the things you should NOT do. There is good reasoning there. If you can’t get people to pay attention to best practices, what about just avoiding the bad practices.
We like the concept and review it a bit before getting down to the topic of the day.
It all started with a question posted in a MSP forum asking David to respond.
Offshore or Not?
[24:21] From an MSP perspective, this is a huge question these days, but it also applies to transcription companies. There’s a lot with transcription and medical records and billing and coding companies doing this or considering it. There are so many vendors in health care that want to you know, it’s what was it we were just talking aboutThe big question we should all address no matter what industry is about your data. No matter who wants offshore services you still have to figure out how much they will have access to in order to do that job. Sure, it may be cheaper labor. Your payroll goes down because you’re outsourcing overseas, but at the same time. What happens to my data when a vendor elects to use that option?
What does HIPAA say about offshore outsourcing?
[26:31]Let’s get it really clear here, HIPAA never addresses this citation specifically. That means you need to treat it like anything else – a risk analysis..The use of services outside the US must take into consideration that HIPAA is a US law. Other countries are not obligated to follow HIPAA laws. As a BA you do have separate but equal liability. However, what are the chances of OCR pursuing a case outside the US when you were the one that hired them. Well, let’s just say minimal.
There are many ways to address these issues but there better be a solid contract in place. You really need a lawyer to handle these more than normal.
Once you do start offshore data you must have regular as well as random audits of all access done from those locations. Managing these partners should be part of your own policies and procedures.
It gets even more tricky when the vendor of your vendor has offshore staff yet you are completely unaware of it until you start asking very important questions about the services and how they are managed.
Tune in to the podcast to catch the rest of the conversation.
It seems like offshore services are a great opportunity for smaller organizations as well as larger ones. The most important thing you can do is try to understand where your data is stored, who has access to it,
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
<h2 style=”text-align: center; font-weight: bolder; line-height: 90%;”>HIPAA is not about compliance,</h2>
<h2 style=”text-align: center; font-weight: bolder; line-height: 90%;”>it’s about patient care.<span id=”tm”>TM</span></h2>
Special thanks to our sponsors Security First IT and Kardon.
