Failing to Train Business Associates on HIPAA Can be Described as Willful Neglect, Amy Leopard, Walter & Haverfield LLP
We did a webinar with Amy Leopard a while back and I very much enjoyed her insight. She recently was a co-presenter with David Mayer, the OCR's acting senior adviser for the health information privacy, compliance and enforcement group, the complete text of which may be found at the following place.
Once again there was a prediction that the "final regulations" pertaining to business associates could be published "as early as July 9th". I won't comment again on these predictions, but sooner or later someone has to get the right date.
The significant quote for me was from Amy, stating "Willful neglect generally can be described as knowing HIPAA rules but not properly training employees -- and now, business associates -- in them." When we last talked, Amy was focused on the business associate agreement, which is an important first step for the covered entity, but making sure that the business associate is compliant is the next step.
The covered entity has a responsibility to get "suitable assurance" that its business associates are compliant and may request a risk assessment from them if "reasonable and appropriate". It is within the power of covered entities to have a great influence on protecting the PHI that they entrust to their BAs. They need to start using that power.
