Access cannot be freely granted to data—such is the reality of the world today. Unnecessary risk is created if a vendor is allowed to freely access, use or otherwise interact with data. Why go down the risk-filled road when issues can be identified and addressed?
This question is central for healthcare entities, whether covered entities contracting with business associates or business associates contracting with subcontractors. The direct liability all of the way up and down the chain of access now firmly entrenched in HIPAA means no entity on any level can escape notice.
