HIPAA Revises Business Associate Agreement Requirements


Protecting Health Information -

The privacy of health information is protected by federal rules. These rules, which have been recently updated, affect the handling of “protected health information” (“PHI”) by business associates that process claims or provide data analysis, utilization review, quality assurance, billing, data storage, medical research or other similar services to "covered entities" that use PHI. Covered entities (e.g. hospitals, physicians' practices and health insurance providers) are required to enter into contracts with their business associates handling PHI that protect the privacy and security of patients’ information. Business associates are also required to have agreements with their subcontractors addressing the privacy and security of health information.

Liability for Vendors -

A covered entity can be liable for its business associates’ breaches of privacy or security that compromise individuals’ PHI. Similarly, a business associate is liable for the HIPAA violations of its subcontractor. The law requires covered entities to have contracts with their business associates, and for business associates to have contracts with their subcontractors, specifying the duties and responsibilities of each party for protecting PHI and reporting the improper disclosure of PHI. ("Business Associate Agreements").

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Burns & Levinson LLP | Attorney Advertising

Written by:


Burns & Levinson LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.