Steve Fox, Information Technology Practice Chair and Data Protection/Breach Co-Chair at Post & Schell, will speak as well as moderate a panel discussion on “Dealing with Vendors: Best Practices for Contracting and 3rd Party Compliance” in early September 2014 at the Privacy and Security Forum in Boston.
As outsourcing continues to gain steam in the healthcare, security and privacy officers must be more vigilant than ever that cloud vendors and other business associates who handle PHI comply with HIPAA and make privacy and security a high priority. Your relationship with your vendors begins with a well-negotiated contract, which is vital to protecting your interests and limiting potential liability in the event of a breach, but it’s only half the battle.
Just because you have a contract in place, doesn’t mean you can be hands off about privacy and security issues.
In this session, Steven J. Fox, a leading healthcare IT attorney, outlines some of the key terms and conditions that make up the contractual foundation that covered entities need when working with HIT vendors and other business associates. He’ll also cover:
* What due diligence should be performed prior to starting contract negotiations?
* How vendors should share information about privacy & security breaches with your organization?
* How often (if at all) should you audit or monitor a vendor’s privacy & security performance?
* How to make sure a vendor returns, destroys, or appropriately safeguards your data at the end of the business relationship?
Fox will also moderate a panel discussion and examine what providers should expect from their vendor partners when it comes to protecting PHI and what vendors can realistically deliver.