Compliance Perspectives

By Adam Turteltaub Things are a bit out of balance when it comes to Business Associates (BAs) in healthcare.  Organizations invest a great deal of time and resources in vetting these third parties to make sure that they will safely handle data from the covered entity.  But, when the relationship ends, those same organizations may overlook the risks to their data post-separation. The problem is complex because different BAs will fall under different regulations and use data differently.  Some may process but not retain data.  Others may have terabytes of your data to return or destroy immediately.  For others, there may be a law or regulation requiring them to hold onto that data for several years. The compliance team, explains Marti Arvin (LinkedIn), Vice President, Chief Compliance and privacy Officer at Erlanger Health System, needs to ensure it is part of the process whenever a BA relationship is coming to an end.    At that point, it’s time to reach out to the BA to ensure there is a plan in place for