Business Associates: Minimizing Risk
Questions to Ask About Privacy, Security IssuesIn an interview with HealthcareInfoSecurity's Howard Anderson, Lapidus recommends that organizations hiring business associates ask six key risk management questions:
- What type of background check do you perform on your employees? "Background screening is a move that mitigates risk and demonstrates organizational commitment to safety and security," he says.
- How and where will data be stored, accessed, shared or transmitted? Be sure the business associate is "employing stringent access controls to safeguard data," he advises.
- Do you have a comprehensive privacy awareness training program for your employees?
- Will you allow us to perform an onsite review or audit?
- Do you have a security incident response plan in place?
- What subcontractors will you use, and how will you share patient information with them?
As leader of the fraud solutions practice at Kroll, Lapidus helps a variety of corporations and organizations safeguard against and respond to data breaches. With an extensive background in organizational development, he sets direction for the company's efforts in identity theft discovery, investigation and restoration. He oversees a team that includes licensed investigators who specialize in supporting breach victims and restoring individuals' identities.