Redspin Helps Hospitals Ensure IT Security Compliance from Business Associates

Leading IT security firm expands its HIPAA security risk analysis methodology to reduce the risk of breach of protected health information (PHI) from a hospital's business associates

CARPINTERIA, Calif., Oct. 18, 2012 /PRNewswire/ -- Redspin, Inc., a leading provider of information security assessments, today announced a new service that better informs hospitals about the risks of PHI data breach by their business associates (BAs). Redspin's new service provides a methodology for hospitals to evaluate their BAs' internal controls while building an enterprise risk model to determine overall exposure. As a result, hospitals are then able to discuss specific, mutually beneficial process improvements with their largest and/or highest-risk business partners.

"Business associates have been involved in more than 57% of the 21.1 million healthcare records breached since the HITECH Act went into effect," said Daniel W. Berger, Redspin's President and CEO. "Hospitals clearly need greater visibility and control over how their business partners protect the privacy and security of confidential patient data. It is a shared responsibility – contractually, legally and financially. But in too many cases, it's a security 'blind spot.'"

The HITECH Act extended HIPAA compliance obligations and direct civil liability for breach to business associates. By law and by contract, business associates must now directly comply with certain provisions of the HIPAA Security Rule as if they were covered entities themselves. However, hospitals are often unaware of what security protections a specific BA has actually put in place. Further compounding the issue, the sheer number and diversity of a covered entity's business associates make the evaluation and comparison of risk among these third-party vendors a daunting task. Often, this remains an area of unmitigated risk for hospitals and other covered entities.

With Redspin's new service, a hospital can evaluate its partners' internal controls regarding the access, use, and disclosure of electronic patient health information. In addition, Redspin's global risk-based approach helps evaluate threats, vulnerabilities, and the effectiveness of internal controls from both an IT security and a business operations standpoint. The result is an enterprise-wide, comparative scoring of risk across a hospital's business associate population, enabling health information managers to develop and target the mitigation strategies that will have the highest impact.

About Redspin

Redspin provides Meaningful Healthcare IT Security®. For more than a decade, Redspin has delivered comprehensive security testing, risk analysis, and compliance solutions to hundreds of organizations. The company's penetration tests and security assessments help keep confidential information safe and critical systems secure. Through expert analysis, complete objectivity and business acumen, Redspin has become a trusted security advisor to the healthcare industry, as well as banking and financial services, retail, energy, technology, and hospitality.

SOURCE Redspin, Inc.