GHX Helps Providers Improve HIPAA Compliance with New Business Associate Management Consulting Services

With business associate-related data breaches on the rise and OCR audits set to start in 2016, providers risk stiff financial penalties, reputation damage for non-compliance
Louisville, CO — Monday, December 14, 2015

As the use of health information technology broadens, so too have risks to patient privacy. Data breaches involving provider business associates (BAs) on average affect more individuals per breach than other breaches1. To help providers improve HIPAA business associate compliance, Global Healthcare Exchange, LLC (GHX) today announced its new Business Associate Management Consulting Services. These services provide healthcare providers with a strategy and framework to meet important business associate compliance. 

Adding to the urgency for these services, the U.S. Department of Health & Human Services’ Office for Civil Rights (OCR), which is responsible for enforcing the HIPAA Privacy and Security Rules, has announced it will begin its Phase 2 audits in early 2016. These OCR audits will require providers to quickly deliver a number of BA-related documents and procedures to demonstrate HIPAA compliance. The new GHX Business Associate Management Consulting Services are designed specifically to help providers quickly and successfully respond to the business associate requirements of the OCR audits.

“Left unidentified and unmanaged, business associates greatly increase the risk of HIPAA violations and willful neglect penalties,” said Chris Luoma, vice president, Product Management at GHX. “Data from the Ponemon Institute shows that the average cost of a data breach can be as much as $3.8 million, not to mention the intangible costs caused by reputation damage to the organization. Given the increasing number of BAs with whom most providers transact, not to mention the fact that the definition of a business associate expanded under HIPAA regulations, the challenges facing providers to remain compliant are increasing exponentially. GHX’s goal is to offer the industry’s most complete range of products and services that help clients create a ‘culture of compliance’ to successfully achieve Meaningful Use objectives, OCR HIPAA business associate audits, and other key credentialing metrics.”    

The new GHX Business Associate Management Consulting Services, along with the GHX Compliance Document Manager solution, help ensure key outcomes, including: processes combined with technology to centralize and organize key compliance-related information; help identify potential Business Associates; improve compliance and help OCR audit readiness; and track key compliance information and identify outstanding items.  

Specific services include:

About GHX
Global Healthcare Exchange, LLC (GHX) drives costs out of healthcare with cloud-based supply chain management technology and services in order to help enable better patient care and savings by maximizing automation, efficiency, and accuracy of business processes. GHX offers healthcare providers and suppliers an open and neutral electronic trading exchange that delivers procurement and accounts payable automation, contract and inventory management, vendor credentialing and management, business intelligence, and other supply chain-related tools and services. For more information, visit and The Healthcare Hub.  
# # #

Source:  HHS Annual Report to Congress on Breaches of Unsecured Protected Health Information