The HIPAA Omnibus Final Rule (Final Rule) made substantial changes to the obligations and liabilities of business associates (BAs) and their subcontractors. These changes implement provisions of the Health Information Technology for Economic and Clinical Health Act (HITECH Act), which sought to make BAs more accountable for the use, disclosure and security of protected health information (PHI). BAs, and their subcontractors, now face HIPAA enforcement actions and are directly liable for violating the HIPAA Security Rule, as well as certain provisions of the Privacy and Breach Notification Rules.
The Final Rule extended the definition of “business associate” to include a “subcontractor that creates, receives, maintains, or transmits protected health information on behalf of the business associate.” Although the Final Rule has been in effect since September 23, 2013, most BAs, and subcontractors, are not compliant and many don’t know where to start. Do you? If you create, receive, maintain or transmit PHI, you should attend this webinar to learn more about What Business Associates and Subcontractors Need to Know About HIPAA.
This session is offered as a 75-minute webinar using the GoToWebinar platform. The open format encourages questions during and after the session. Attendees will receive the presentation materials following the event.
In this live session, attendees will learn how to:
- Communicate your commitment to privacy and security of all PHI
- Engage with customers and business partners directly on compliance requirements
- Clarify requirements to do business with one another
- Clarify your current Privacy, Security and Breach Notification requirements under the Final Rule
- Find resources to assist CEs, BAs and Subcontractors in managing partner relationships
Date & Time
11 am – 12.15 pm CDT
Register for the 6/30 webinar
Business associates of HIPAA covered entities, became statutorily obligated to comply with the HIPAA Security Rule in February 2010, a year after The HITECH Act was passed. Prior to the HITECH Act, business associates were only contractually liable to covered entities under their business associate agreements (BAAs). Although a BA, or subcontractor, can still be held contractually liable for breaching provisions of the BAA, the Final Rule makes business associates and subcontractors directly liable to the Office for Civil Rights (OCR) for violating certain provisions of HIPAA. Thus, BAs and their subcontractors are subject to civil and criminal penalties under HIPAA.
CEs, BAs and their respective subcontractors create a “chain of trust” or “custody of trust” when it comes to creating, receiving, maintaining or transmitting PHI and electronic PHI (ePHI). With the surge in the amount of PHI being exchanged, ensuring its protection is a huge challenge that depends on alignment of privacy and security goals.
Most BAs and their Agents/Subcontractors are not compliant and many don’t know where to start. Do you?
If you create, receive, maintain or transmit PHI, you should attend this webinar to learn more about What Business Associates and Subcontractors Need to Know About HIPAA. You’ll benefit by learning about:
- Significant increases in enforcement.
- Higher penalties and non-compliance fines.
- The much wider net being cast to include Business Associates and their Subcontractors as entities who must comply.
- All registrants will receive a copy of all slide materials.