Are Your Vendors Compliant?


Why Internal Compliance is NOT Enough…

Whose responsibility is it to be HIPAA compliant? Is it just the doctor’s responsibility? His IT advisor? His vendor? His secretary? The nurses? Is it everyone in the healthcare organization?

We all know that doctors, dentists, chiropractors and other healthcare providers fall under the HIPAA Security and Privacy Rules. They are all trying their very best to make themselves compliant. However, what most of them overlook is that their business associates, subcontractors, and employees also fall under these rules.

According to the HHS, “Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information.” In other words, anyone who touches or interacts with patient health information, in any way, must protect it.

Any person who does any of the following:
• Talks to patients directly
• Gives out prescriptions
• Takes blood pressure
• Manages the firewall for a healthcare environment
• Manages a database that holds patient data
• Encrypts patient data on behalf of a provider

… is responsible for HIPAA compliance and for HIPAA violations. If they interact with Patient Health Information in any way, healthcare workforce members, third-party vendors and subcontractors are all equally legally bound to comply with HIPAA regulations concerning the security of Patient Health Information.

Third-party vendors sometimes think they are exempt from these provisions, especially those who don’t classify themselves as “healthcare covered entities.” The problem is that the HHS does consider them legally bound to protect PHI, and ignorance is not accepted as a legitimate excuse in the HHS’ eyes. That’s why the HHS requires business associate agreements.

According to the HHS, “In addition to business associate agreements, business associates are directly liable for compliance with certain provisions of the HIPAA Rules.”

The provisions of the HIPAA Omnibus Rule concerning business associates are as follows:
• Make business associates of covered entities directly liable for compliance with certain parts of the HIPAA Privacy and Security Rules’ requirements.
• Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes and prohibit the sale of protected health information without individual authorization.
• Expand individuals’ rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.
• Require modifications to, and redistribution of, a covered entity’s notice of privacy practices.

Covered entities should review their existing Business Associate Agreements (BAAs) to include:
• Updating the BAA to state that if the business associate is to carry out the covered entity’s obligations under the Privacy Rule, the business associate must comply with the requirements of the Privacy Rule that apply to the covered entity in the performance of such obligations; and
• Adding a provision stating that the business associate is directly subject to the Security Rule.

The business associate rule is critical because it helps ensure that your business partners are also fully HIPAA compliant.

If Protected Health Information (PHI) is compromised at a healthcare practice, the practice is always considered at fault. A third-party vendor can cause a data breach, and signing a business associate agreement doesn’t exempt that vendor from responsibility for anything that goes wrong with patient security. If data in the business associate’s possession is breached, they share equal responsibility with the healthcare provider.

What stands between your patients’ valuable data and cyber criminals is your vigilance on compliance. It’s not enough that you are internally compliant; your vendor is a crucial link in your healthcare compliance chain. Secure your patient data now and break free from business worry.

Reach out to learn more!


About Troinet

Wayne Roye is the Founder and CEO of Troinet, a privately held technology consulting firm based in New York City. Troinet's goal is to help companies make better decisions around technology.
