Effective Vendor Management
By Bender, Leslie | |
Proquest LLC |
Collection agencies need to be mindful of how vendors expose their business to liability
The health care industry migrated to business arrangements in which our covered entity clients were influenced by those business associates (or vendors or subcontractors) the law obligated them to influence. Over a decade ago, the law spelled out some of the critical terms and conditions that would carry forward the consumer protections of the law while allowing parties to do business together, even if not directly covered by the law.
The "business associate" concept essentially extends the reach of the Health Insurance Portability and Accountability Act of 1996 from the regulated or "covered entities"-obligating those directly covered by the law to regulate their business partners. According to the insurance industry, the HIPAA-fashioned business associate mechanism has now set the stage for an approach evident in industries outside health care as well.
Interestingly, while the influence of the HITECH Act and the
Insurers have reexamined the terms and conditions of their liability policies, fully anticipating that many of the services a business cairies out may be carried out via vendors and subcontractors. Our creditor clients are being influenced by both recent enforcement actions zeroing in on vendor risks and a shift in the insurance markets that reflect the influence of this perspective.
If we choose to do business through vendors, we need to be prepared to have our own liability influenced by their compliancy. We have to be mindful of the controls and risks associated with the full cascade of suppliers, vendors and subcontractors with whom we do business. Regardless of whether or not we are working in the health care industry, the business associates concept in HIPAA is influencing a host of governmental and regulatory initiatives in a wide range of industries.
Originally crafted more than a decade ago, the business associate idea in health care privacy and data-security settings was intended as a workaround to keep HflPAA's protections intact, even if an entity covered by HIPAA had to engage a business not directly covered by HIPAA to assist it in performing its mission-critical services.
As originally conceived, HIPAA required those who were covered to craft contract provisions, passing along I IIPAAs protections and restrictions to any organization that worked directly or indirectly for the covered entity. Now the body of vendors or subcontractors have direct liability under HIPAA and liability via their contractual arrangements with covered entities.
In addition, covered entities can experience liability for their own acts or omissions or for turning a blind eye on their vendors' compliance lapses.
In financial settings,
From a practical standpoint, this shift or influence obligates us not only to ensure we are familiar with and meeting the vendor management expectations of all of our clients, but also that we have made certain that our own vendors and the potential cascade of suppliers and subcontractors are bound to abide by the vendor management expectations of our regulators as well.
This business of making "the regulated" turn around and regulate vendors, suppliers and contractors is important to the
Please join us in
By
Copyright: | (c) 2014 ACA International |
Wordcount: | 805 |
Advisor News
Annuity News
Health/Employee Benefits News
Life Insurance News