If you are a HIPAA-regulated business or deal with HIPAA-regulated industries, you really have to trust your vendors. A security breach at a vendor’s office may as well be a breach in your office, as far as HIPAA is concerned. You need to have a business-associate agreement (BAA) signed with those vendors. And if that vendor has no idea what a BAA is, you might want to reconsider your relationship with them, for your own protection. In a recent news story, an Illinois-based clinic was fined $31,000 because they didn’t have a BAA signed with a vendor hired to store paper records containing patients’ protected health information (PHI) (that vendor is the focus of other investigations). You can read the full cautionary tale here. If you need any assistance with your vendors or other HIPAA regulations, don’t hesitate to contact your local Weston office today.