The HHS Office for Civil Rights (“OCR”) recently issued a new fact sheet (“Fact Sheet”) addressing direct liability of business associates for violations of the HIPAA Privacy, Security and Breach Notification Rules (“HIPAA Rules”). The Fact Sheet serves as a reminder to business associates that in addition to their contractual liability to covered entities under the business associate agreements, business associates also have direct liability under HIPAA and are subject to OCR enforcement for violations of the HIPAA Rules. The Fact Sheet outlined the specific requirements of the HIPAA Rules with respect to which the OCR has authority to take enforcement action against business associates. These requirements include:
Numerous vendors which provide services involving access to PHI to healthcare organizations that are HIPAA covered entities can be considered business associates under HIPAA. Simply entering into business associate agreements with covered entities is not sufficient for HIPAA compliance. Rather, it is essential that business associates implement a HIPAA compliance program to address compliance with the HIPAA Rules. The Fact Sheet can serve as a resource for business associates to review their HIPAA policies and procedures to ensure compliance with the applicable requirements of the HIPAA Rules.
If you have any questions about HIPAA compliance or need any assistance with establishing a HIPAA compliance program, please contact the author of this article.
NOTICE.
Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you (an ‘engagement letter’).
By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and, further, even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you. Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.
