Business Associates Liable for Breach of Their Business Associate Agreements, Effective February 17, 2010
Finally we are seeing privacy and security experts agreeing that if you signed a BA agreement you must be compliant with the terms of that agreement, now.
Here is more from this important blog:
New standards imposed on business associates and their partners.
Guest commentary from Daniel F. Gottlieb, Bernadette M. Broccolo, Jennifer S. Geetter, Jerry Tichner, Jeanna Palmer Gunville, Sarah S. Nelson, Edward G. Zacharias and Stephen W. Bernstein, attorneys in the Health Industry Advisory Practice Group of global law firm McDermott, Will & Emery, LLP
[Editor's note: Due to its length, this guest commentary will be presented in a series of three blog posts on consecutive days. Part 1 appears below.]
On July 14, 2010, the Office for Civil Rights (OCR) of the U.S. Department of Health & Human Services (HHS), issued a proposed rule (Proposed Rule) containing modifications to the privacy standards (Privacy Rule), security standards (Security Rule) and enforcement regulations (Enforcement Rule) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The proposed modifications include changes required by the Health Information Technology for Economic and Clinical Health Act (HITECH Act) and other changes deemed appropriate by OCR in order to strengthen the privacy and security of health information and to improve the "workability and effectiveness" of the Privacy Rule, Security Rule and Enforcement Rule (collectively, the Administrative Simplification Regulations).
OCR is accepting comments on the Proposed Rule through Sept. 13, 2010. Covered entities, business associates and others affected by the Administrative Simplification Regulations should consider submitting comments to OCR in order to shape the final rule. The Proposed Rule indicates that final amendments to the Administrative Simplification Regulations will be effective 180 days after the publication of a final rule. However, covered entities and business associates that have agreed to comply with HITECH Act requirements or other Administrative Simplification Regulation requirements through business associate agreements will continue to have contractual compliance obligations prior to the effective date.
Consequently, effective Feb. 18, 2010, the HITECH Act makes business associates both contractually liable to a covered entity for breach of the business associate agreement with the covered entity and civilly and criminally liable to the government for violations of those Security Rule requirements and the Privacy Rule's business associate agreement requirements.
Subscribe via RSSCategories
- HIPAA HITECH Act
- HIPAA Covered Entity
- HIPAA Business Associates
- Health Information Privacy
- HIPAA Compliance Online Software
- HIPAA Compliant Checklist
Recent Blog Posts
- Business Associates Need HIPAA HITECH Compliant Policies and Procedures, Now/1
- Minnesota Attorney General Sues Business Associate for HIPAA HITECH Data Breach
- HIPAA HITECH Data Breach Costs Small Business Associate $300,000
- HIPAA HITECH Rules De Facto Standard?
- HIPAA HITECH Data Breach: $1000 Per Patient?
- Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule
- more from the blog
