Business Associates: Minimizing Risk

Questions to Ask About Privacy, Security Issues
A key factor in minimizing the risk of a breach when working with business associates is to provide these partners with the minimum amount of information they need to perform their services, says security expert Brian Lapidus. "The simple truth is that if you limit access, you limit risk," says Lapidus, chief operating officer at Kroll Fraud Solutions.

In an interview with HealthcareInfoSecurity's Howard Anderson, Lapidus recommends that organizations hiring business associates ask six key risk management questions:

  • What type of background check do you perform on your employees? "Background screening is a move that mitigates risk and demonstrates organizational commitment to safety and security," he says.
  • How and where will data be stored, accessed, shared or transmitted? Be sure the business associate is "employing stringent access controls to safeguard data," he advises.
  • Do you have a comprehensive privacy awareness training program for your employees?
  • Will you allow us to perform an onsite review or audit?
  • Do you have a security incident response plan in place?
  • What subcontractors will you use, and how will you share patient information with them?

As leader of the fraud solutions practice at Kroll, Lapidus helps a variety of corporations and organizations safeguard against and respond to data breaches. With an extensive background in organizational development, he sets direction for the company's efforts in identity theft discovery, investigation and restoration. He oversees a team that includes licensed investigators who specialize in supporting breach victims and restoring individuals' identities.
