How Six Key Strategies Can Mitigate Business Associate Risk

Hot 2020 Health Information Management and Health Information Technology Topics

December 30, 2019

MRO’s Anthony Murray, CISSP, Vice President of Information Technology, discusses key strategies that can reduce business associate risk.

As advancements in health information technology allow increased access to Protected Health Information, covered entities
and business associates face an uphill struggle to protect patient data and privacy.

Adding to the complexity are industry trends around the renewed focus on vendor relationships and compliance, along with
the Office for Civil Rights’ (OCR) heightened scrutiny of BAs. In fact, OCR’s enforcement measures have targeted poor
Business Associate Agreement management, emphasizing incidents in which the business associate (BA) was at fault.

BA breaches on patients of a CE can range from cases of identity theft to exposure of sensitive information regarding a
condition, treatment or test that could lead to harm, embarrassment or discrimination. If fines are imposed, sanctions and
actions will be held against the CE as well.

View Full Article

Anthony Murray

In his role as Chief Interoperability Officer, Murray oversees MRO’s strategic initiatives related to accelerating clinical data exchange. In addition to overseeing the clinical data exchange team, Anthony also is responsible for the interoperability, systems integrations, and security teams, to utilize advanced technologies to deliver secure, meaningful information exchange. Anthony, as a Certified Information Systems Security Professional (CISSP), serves as the company’s Information Systems Security Officer (ISSO) and is positioned to provide common oversight of the security of MRO’s clinical data exchange. He partners closely with MRO’s privacy, compliance and innovation thought leaders, to assess all areas of the clinical data exchange and to provide value through modern, secure technologies. Anthony has over 20 years of experience in technology and security supporting the healthcare industry vertical, including release of information, clinical manufacturing and pharmaceuticals.