Business Associates Beware!

Quietly, the Feds recently set the stage for a massive expansion of enforcement of privacy rules under the Health Insurance Portability and Accountability Act (HIPAA).

The message: If business associates have potential access to any private health information, they should be prepared for the Feds to take enforcement action against them only for any breaches of privacy. In a new memo, the U.S. Office for Civil Rights (OCR) underlines the word “only”. 

Translation: The Feds’ authority to go after a business associate under HIPAA is nothing new, but, in practice, business associates typically came under scrutiny as an offshoot of an inquiry into a healthcare provider or insurer. Now the Feds are signaling a shift in emphasizing a focus on direct liability of a business associate.

 “As part of the Department’s effort to fully protect patients’ health information and their rights under HIPAA, OCR has issued this important new fact sheet clearly explaining a business associate’s liability,” said OCR Director Roger Severino. 

As a providers, it’s important to make sure your business associates are protecting the privacy of your clients — and that they understand the extent of their responsibility.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance