Know Your Vendors

By Wade Emmert

If you’re a healthcare provider, you likely rely on vendors who handle patient information—your EHR system, billing company, IT support, and more. But how well do you know their security practices?

Before entrusting them with PHI (protected health information), conduct due diligence. Here are some red flags to watch for:

🔴 No mention of HIPAA compliance on their website? That’s a problem.

🔴 Misspelling HIPAA as “HIPPA”? If they can’t spell it, they probably don’t understand it.

🔴 No third-party security certifications? That’s a risk.

🔴 Small vendor with no resources for security audits? That could be a liability.

Don’t assume vendors know what they’re doing—ask tough questions. At the end of the day, your practice is responsible for protecting patient data, and a reckless vendor could expose you to massive penalties.

Have questions? Drop a comment or email me at wade@texashealthlaw.com.

🔒 Privacy is everyone’s responsibility. Take it seriously.