Business Associates Beware!

Quietly, the Feds recently set the stage for a massive expansion of enforcement of privacy rules under the Health Insurance Portability and Accountability Act (HIPAA).

The message: If business associates have potential access to any private health information, they should be prepared for the Feds to take enforcement action against them only for any breaches of privacy. In a new memo, the U.S. Office for Civil Rights (OCR) underlines the word “only”. 

Translation: The Feds’ authority to go after a business associate under HIPAA is nothing new, but, in practice, business associates typically came under scrutiny as an offshoot of an inquiry into a healthcare provider or insurer. Now the Feds are signaling a shift in emphasizing a focus on direct liability of a business associate.

 “As part of the Department’s effort to fully protect patients’ health information and their rights under HIPAA, OCR has issued this important new fact sheet clearly explaining a business associate’s liability,” said OCR Director Roger Severino. 

As a providers, it’s important to make sure your business associates are protecting the privacy of your clients — and that they understand the extent of their responsibility.

Upcoming Webinars

No Events on The List at This Time

Upcoming Events

No Events on The List at This Time

10 Steps to Compliance