With more and more digital issues surfacing over the past year, it is critical that practices keep a close watch on all their vendors and suppliers to steer clear of issues. Why: Evidence and case settlements suggest that compliance relating to electronic protected health information (ePHI) and EHRs is firmly in both the HHS Office for Civil Rights’ (OCR’s) and HHS Office of the Inspector General’s (OIG’s) sights for 2020 (see p.13). As part of your compliance planning and HIPAA risk assessment, it is a great idea to create a list of all your vendors annually and check in with them. As part of that follow-up, you should do a comprehensive investigation of your EHR products, your relationship and contracts — and whether they’ve had any compliance or violation issues over the past year of service. While performing your re-evaluation, consider setting up a scorecard with weighted questions and tally the results. Here are some examples of important questions to add to your vendor checklist: