2023 New HIPAA Business Associate Enforcement – CE & BA Takeaways
Speaker: Paul R. Hales
Speaker Designation: Health Privacy Attorney
On June 28, 2023, the HHS Office for Civil Rights published the results of its investigation into HIPAA violations by a business associate (BA). The results provide important guidance and clarification of the requirements for BA HIPAA compliance. Covered entities (CEs) are deeply entangled with the HIPAA compliance of their BAs by law and contract. This webinar builds on the June 28, 2023, HIPAA enforcement settlement to explain the newly clarified BA HIPAA compliance requirements clearly, along with the significant lessons for CEs. The chain of HIPAA compliance starts with a CE. It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.
During the first six months of 2023, major health information breaches reported to HHS affected nearly double the number of individuals affected during the same period last year. And about half of them were victims of BA breaches. Criminals focus on attacking BAs because one hit can give them access to the PHI of all the BA’s customers – and, according to one expert, BAs are the weakest link – the unlocked window that criminals crawl through.
Serious BA PHI breaches have attracted aggressive private class action lawsuits, filed within days of a breach, targeting BAs and their CE customers. CEs that did nothing wrong can be held liable to pay the same civil money penalty as their BA for the BA’s HIPAA violation under the federal common law of agency, which is included in the HIPAA enforcement rule.
Simple steps, often overlooked but easy to follow, enable BAs and CEs to protect against costs and damage to their reputations caused by BA HIPAA violations. of HIPAA rules that apply to BAs
This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs.
HIPAA rules that apply to both are easy to follow, step-by-step, when you know the steps.
CEs can find themselves fully liable for HIPAA violations committed by BAs, and BAs for violations committed by subcontractors, under the little-known federal common law of agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA rules that are easy to follow, step-by-step.
BAs should attend this webinar to see exactly what they must do to comply with HIPAA rules – security, privacy, and breach notification rules – and what to look for in due diligence, how to obtain HIPAA-required satisfactory assurances that a subcontractor BA is complying with HIPAA, and how to avoid the liability that comes from inadvertently making a subcontractor BA their agent.
CEs should attend to see what to look for in due diligence, how to obtain HIPAA-required satisfactory assurances that a BA is complying with HIPAA, and how to avoid the liability that comes from inadvertently making a BA their agent.
HIPAA rules that apply to BAs and CEs in dealing with their BAs are discussed and explained including:
Paul R. Hales, J.D. is widely recognized for his ability to explain HIPAA Rules clearly in plain language. He is an attorney licensed to practice before the Supreme Court of the United States, a graduate of Columbia University Law School, and a Senior Counselor of the Missouri Bar with an international practice in HIPAA privacy and security. Paul is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Health Care Providers, Business Associates, Health Plans, and Third-Party Administrators.