b"In preparing business associate agreements, healthcare organizations should demand a right-to-audit clause and copies of vendors' current security policies as proof that the companies are taking appropriate measures to protect patient data, says security expert Rebecca Herold."