What your Business Associates Need to Know


Quietly, the Feds recently set the stage for a massive expansion of enforcement of privacy rules under the Health Insurance Portability and Accountability Act (HIPAA).

The message: If business associates have potential access to any private health information, they should be prepared for the Feds to take enforcement action against them only for any breaches of privacy. In a new memo, the U.S. Office for Civil Rights (OCR) underlines the word “only”. 

Translation: The Feds’ authority to go after a business associate under HIPAA is nothing new, but, in practice, business associates typically came under scrutiny as an offshoot of an inquiry into a healthcare provider or insurer. Now the Feds are signaling a shift in emphasizing a focus on direct liability of a business associate.

 “As part of the Department’s effort to fully protect patients’ health information and their rights under HIPAA, OCR has issued this important new fact sheet clearly explaining a business associate’s liability,” said OCR Director Roger Severino. 

As a providers, it’s important to make sure your business associates are protecting the privacy of your clients — and that they understand the extent of their responsibility.


Leave a Comment

Your email address will not be published. Required fields are marked *