The New Platform Addresses Growing Compliance Challenges Amid Frequent Data Breaches, Heightened Federal Scrutiny and Anticipated Privacy Legislation
PHIflow announced the launch of its cloud-based platform designed to comprehensively address the growing challenges of manually reviewing and managing Business Associate Agreements (BAAs) for both covered entities (CEs) and business associates (BAs). Driven by artificial intelligence (AI), the solution automates manual document review, significantly increasing operational efficiencies and reducing costs associated with compliance, regulatory audits, breach preparation and incident response.
With its new platform, PHIflow seeks to help businesses make better-informed decisions by analyzing and aggregating the risks and requirements associated with sharing protected health information (PHI) across a growing number of customers and vendors. In particular, PHIflow streamlines compliance in today’s evolving regulatory environment to help ensure organizations can withstand increased scrutiny by regulators and avoid potentially devastating penalties.
“As we saw two weeks ago with the $500,000 settlement for missing a single BAA, these agreements continue to be the cornerstone of the Office for Civil Rights’ compliance initiatives,” said Kirk Nahra, a partner specializing in privacy and information security at Wiley Rein. “When an incident involves a business associate, one of the first things the Office for Civil Rights investigates is whether a BAA is in place with the covered entity. If not, that’s a big problem, and the Office for Civil Rights begins investigating other areas of HIPAA compliance. It’s a red flag for them.”
Today’s healthcare organizations face notable roadblocks to getting their BAA house in order, including limited resources for reviewing and managing agreements, which number in the thousands for larger organizations and health systems. Exacerbating this challenge is the current consolidation trend, which creates a fragmented landscape for BAA oversight that extends across multiple departments, facilities, affiliations and a multitude of different owners.
BAAs are also the subject of intense negotiations between CEs, BAs and other subcontractors that often result in obligations that go beyond HIPAA and HITECH and can vary significantly between agreements. This makes efficient and effective management via typical manual workflows extremely difficult – if not impossible.
“Despite the high stakes, the healthcare industry lacks effective oversight strategies for managing these critical agreements. In fact, it’s not uncommon for even the most basic information to elude the executive suite – how many BAAs exist, where they’re located and the terms of each,” said Greg Waldstreicher, founder and CEO of PHIflow. “It’s vital that today’s legal and compliance professionals have this information at their fingertips, which is what the PHIflow platform does. By leveraging AI to automate the tedious and mundane processes that consume resources, PHIflow helps ensure compliance and effective oversight, regardless of how many BAAs are in place or how widely their risks and requirements vary.”
With PHIflow, compliance officers and other BAA owners simply upload agreements to the cloud-based application where they are saved in a central, intelligent repository. Next, HIPAA-focused AI algorithms instantly analyze each agreement and extract key requirements to drive actionable, appropriate and more informed oversight. PHIflow is used by BAs and CEs alike for:
- Overall compliance initiatives
- Breach preparation and response
- Internal or regulatory audit
- State data privacy law review
- Due diligence
“By automating resource-intensive, expensive and error-prone manual processes, PHIflow plays a leading role in helping healthcare organizations navigate the growing compliance challenges created by today’s regulatory environment, providing significant cost savings and peace of mind,” said Jason Silverstein, co-founder and COO at PHIflow.