Tip: Research your associates’ compliance records. Healthcare providers engage with all sorts of business associates (BAs) to ensure that their day-to-day operations run smoothly. Many of these partners use patients’ protected health information (PHI). That’s why it’s critical that you scrutinize your potential BAs’ compliance history thoroughly before you enter into a new contract.

Context: According to an HHS Office for Civil Rights release, the physician contractor provider Advanced Care Hospitalists PL (ACH) neglected to look into the background of an individual who operated as part of Doctor’s First Choice Billings, Inc. (First Choice) without the biller’s knowledge or permission. After more than 8,000 individuals’ data was visible on the Internet, the feds investigated and discovered the individual’s falsehood (see related story, p.1). ACH didn’t properly vet the BA, nor write up a business associate agreement (BAA) — and, unfortunately, paid a steep price for its negligence.

ACH’s troubles highlight that a lack of protocols only exacerbates a violation. “A robust compliance plan must include relevant, mandatory policies and procedures, as well as an evolving and up-to-date risk analysis in order to maintain compliance,” explains attorney John E. Morrone, a partner at Frier Levitt Attorneys at Law in New York City. Those vital policies must include concise language on vendor and BA vetting, too.

Consider asking these questions to ensure your BAs are HIPAA-compliant and on the up-and-up:

Tip: If you are in the market for a new biller, cloud provider, or coding consultant, look for BAs and vendors that can meet the demands of your practice — and your wallet.