In This Issue:
- Expansion of, Clarifications to, and Explicit Inclusions in the Definition of BA
- BAs’ Direct Liability Under the Final Rule
- BAAs: Required Provisions Under the Final Rule and the Compliance Date
- Excerpt from Expansion of, Clarifications to, and Explicit Inclusions in the
Definition of BA:
The Final Rule included several additions and clarifications to the HIPAA definition of BA. Identifying persons and entities which meet the definition of BA is important because the Final Rule clarified that a person or entity becomes a BA by meeting the definition of a BA and by creating, receiving, maintaining, or transmitting protected health information on behalf of a Covered Entity, not by contracting with the Covered Entity and entering into a BAA. Moreover, the type of protected health information involved does not matter; if the information is tied to a Covered Entity, it is considered protected health information by definition (even if it is, for example, strictly limited to demographic information). Whether or not a person or entity is a BA is significant because as will be further discussed below, BAs have direct liability under the Final Rule for not complying with certain HIPAA requirements.
Please see full Alert below for more information.
Firefox recommends the PDF Plugin for Mac OS X for viewing PDF documents in your browser.
We can also show you Legal Updates using the Google Viewer; however, you will need to be logged into Google Docs to view them.
Please choose one of the above to proceed!
LOADING PDF: If there are any problems, click here to download the file.