DULUTH, GA – February 15, 2012 – CompliancePoint, a PossibleNOW company, announces a new Risk Assessment program that enables Covered Entities to monitor the compliance status of their Business Associates. The Business Associate Monitor program goes further than the standard Business Associate agreement by requiring a valid Report of Compliance from affiliated organizations. CompliancePoint, a Certified HIPAA Security Professional firm, also provides risk mitigation advisory services and a security incident response team in the program.

“The HITECH Act tightened information security breach notification requirements and established the fact that Covered Entities are responsible for the compliance activities of their Business Associates,” explains Jerry Wyble, VP & Practice Manager of CompliancePoint. “This puts a greater burden on Covered Entities to monitor what their Business Associates are doing regarding information security compliance, particularly with protected health information. Our Business Associate Monitor program gives Covered Entities a comprehensive approach to meeting and maintaining compliance initiatives throughout their electronic PHI network.”

The Business Associate Monitor program includes a thorough Risk Assessment of the Covered Entity’s Business Associate network. This assessment ensures the confidentiality and integrity of PHI data throughout the network. The assessment also identifies existing vulnerabilities within the organization and provides a detailed corrective action plan to mitigate this risk. The program can serve as a baseline to prepare for the audits by the Office of the National Coordinator for Health Information Technology and for all future information security initiatives.

Covered Entities need the ability to effectively manage and assess the risks throughout their network of Business Associates. To make this time-consuming task viable, the program includes CompliancePoint’s Compliance Automation Portal, a Software-as-a-Service solution. The Portal provides an easy-to-use standard interface for all Business Associates to report their activities and compliance status to a Covered Entity. The Portal centralizes the management and documentation for information security compliance initiatives and simplifies the activities required to demonstrate ongoing management and compliance with HIPAA HITECH.

“We tailor our Risk Assessments to meet the unique needs of each industry that we serve,” says Wyble. “Our Risk Assessment for Healthcare Business Associates examines numerous factors including the general rules for security standards, how Business Associates will manage and protect PHI, and the technology, policies and procedures in place to protect PHI. All of this helps Covered Entities reduce their overall risk of financial penalties and damage to their organization’s reputation.”

CompliancePoint offers a broad array of consulting services and technology solutions for the healthcare industry including a Risk Assessment Program for physicians, and Compliance Assessments for both Covered Entities and Business Associates. CompliancePoint also offers a Meaningful Use Risk Assessment that helps organizations correctly utilize Electronic Health Records technology.