Healthcare Business Associates

BCLP
Contact

The Health Information Technology for Economic and Clinical Health (“HITECH”) Act modified the Health Insurance Portability and Accountability Act (“HIPAA”) by expanding the definition of Business Associates (“BA”) and their responsibilities and liabilities. A BA includes:

  1. Health Information Organizations
  2. E-Prescribing Gateways
  3. Persons/entities that for, or on behalf of, a Covered Entity:
  • Create or received PHI
  • Maintain or store PHI even if they do not or cannot access the PHI
  • Offer personal health records
  • Provide data transmission services if they routinely access the PHI

 Pursuant to HITECH and HIPAA, BAs are required to do the following:

Designate Security Officer

Perform Security Risk Assessment

Implement Administrative, Physical, and Technical Safeguards

Identify and Report Breaches and Security Incidents

Develop Polices for HIPAA/ HITECH Compliance Program

Impose Disciplinary Actions for HIPAA/HITECH Violations

Have Business Associate Agreements with Subcontractors

Maintain Documentation 6 Years

 

The Federal Office for Civil Rights (“OCR”) enforces HIPAA and HITECH. BAs are under great scrutiny from the OCR as BAs have been identified as one of the OCR’s top three enforcement priorities in 2016. Under HIPAA and HITECH, BAs are directly liable for compliance and subject to these monetary penalties:

Violation Category

Each Violation

Maximum Penalty per Identical Provision Violated in Calendar Year

Did Not Know

$100 - $50,000

$1,500,000

Reasonable Cause

$1000 - $50,000

$1,500,000

Willful Neglect – Corrected

$10,000 - $50,000

$1,500,000

Willful Neglect – Not Corrected

$50,000

$1,500,000

Key Considerations for BAs:

  • Determine if you are a BA
  • Designate person to oversee a HIPAA/HITECH Compliance Program
  • Identify high risks, e.g., mobile devices, emails, texting, medical devices
  • Respond timely and effectively to breaches and security incidents
  • Monitor, audit, and update privacy and security on ongoing basis
  • Know the terms of Business Associate Agreements
  • Prepare contingency/disaster plan
  • Maintain adequate cyber insurance

 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© BCLP

Written by:

BCLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide