BA agreements are mandated under the ‘organizational requirements’ section. As problems with data security continue to plague healthcare and cost covered entities (CEs) millions, observance of and compliance with the HIPAA Security Rule have never been more important. Though it may seem overwhelming at times, putting a risk management plan together is essential, especially if you’re flying solo on the whole process. Here is an outline of the necessary safeguards under the Rule and examples of processes that you can put into place to address the potential security risks to your organization, courtesy of the HHS Office for Civil Rights (OCR) and the Centers for Medicare & Medicaid Services (CMS):