PRACTICE OWNER RESPONSIBLE. The practice owner bears ultimate responsibility for HIPAA violations, even if a staff member made the mistake.
HAVE BUSINESS ASSOCIATE AGREEMENTS. To protect yourself from the HIPAA violations of the vendors you work with, have your attorney create business associate agreements in which you and each of the vendors you work with commit to HIPAA compliance and verify in writing that each party alone is responsible for its actions.
MAKE GOOD-FAITH EFFORT. The government doesn’t expect you to be perfect, but it does expect you to show that you made the best possible effort to be HIPAA compliant, including documenting staff compliance training and being upfront about even minor HIPAA infractions. Show the steps you took to remediate, such as providing additional training to an employee at fault or ending a relationship with a vendor with chronic HIPAA violations.
Listen to the earlier podcasts in the series:
Ensuring HIPAA Compliance: Common Sense Steps