
HIPAA Services for Business Associates

Business Associates and HIPAA Compliance

Changes are taking place in Washington at the Department of Health and Human Services regarding enforcement of the HIPAA laws already on the books, and regarding some of the risks for business associates.

A business associate is directly liable under the HIPAA Rules and subject to civil and, in some cases, criminal penalties for making uses and disclosures of protected health information that are not authorized by its contract or required by law. A business associate also is directly liable and subject to civil penalties for failing to safeguard electronic protected health information in accordance with the HIPAA Security Rule.

Practices also should expect increased activity by the Federal Trade Commission in the area of healthcare data breaches through its enforcement of consumer protection laws and from the Food and Drug Administration's protection of the integrity of medical devices, even though those federal agencies do not have the same comprehensive standards and clear regulations that OCR does to enforce HIPAA.

The activities of business associates will be under the microscope. The permanent HIPAA audit program, slated to begin in 2015, is expected to audit business associates as well as covered entities. The use of subcontractors by business associates also will be examined more carefully, especially those who use off-shore subcontractors.

Who needs to comply with the Security Rule?

All HIPAA-covered entities and business associates of covered entities must comply with the Security Rule requirements. The Security Rule applies only to electronic protected health information (ePHI). Under HITECH, the fines for a covered entity or business associate that does not comply with the new legal requirements have increased and are based on a new, tiered approach. The fine can range from $100 per violation to $50,000 per violation, with a maximum fine amount of $1.5 million for willful misconduct. Additionally, HITECH gives the State Attorneys General the ability to enforce HIPAA violations with injunctions and civil damages.

Who needs to comply with HITECH?

HITECH amends HIPAA. HIPAA applies to "Covered Entities" and "Business Associates" of covered entities. If you experience a security breach and you have not implemented the HIPAA privacy and security rules, you may be fined by the Department of Health and Human Services.

Questions? Contact us today and let us manage your HIPAA compliance requirements.
