OCR Issues Fact Sheet on Personal Liability for Business Associates
- The Department of Health and Human Services’ Office for Civil Rights (“OCR”) issued a fact sheet discussing the potential for business associates to face personal liability for violations under the Health Insurance Portability and Accountability Act (“HIPAA”). A business associate is a person or entity that performs certain functions or activities involving the use or disclosure of protected health information on behalf of a covered entity. The Health Information Technology for Economic and Clinical Health (“HITECH”) Act of 2009 granted OCR authority to take enforcement action against business associates for violating certain HIPAA requirements.
- The fact sheet specifies ten grounds on which OCR may take enforcement steps against business associates, including failing to comply with the HIPAA security rule, failing to provide breach notifications to a covered entity or another business associate, and impermissible uses and disclosures of protected health information.
- The fact sheet follows closely on the heels of HHS’s recent notification of its decision to lower the Civil Money Penalty (“CMP”) amounts for certain tiers of HIPAA violations.
Brian F. Higgins is an associate in FBT's regulated business group with a focus on health care, and he has a history as corporate counsel to Medpace, Inc., a pharmaceutical clinical research organization.