September 16, 2016
More and more, HIPAA breaches are being caused by the Business Associates (BAs) of HIPAA covered entities (CEs). PrivaPlan’s President David Ginsberg says, “These expose both the CE and the BA to HIPAA enforcement, as well as the cost of breach notification and reputation damage.”
For example, a stolen laptop led to a Minnesota health care system agreeing to pay $1.55 million because, in large part, it violated HIPAA by failing to enter into a BA agreement with a major contractor.
BAs aren’t exempt to fines either. Consider a breach that occurred when an employee cell phone was stolen from a Pennsylvania nursing home; the BA agreed to a $650,000 HIPAA settlement because it had failed to encrypt the protected health information (PHI).
Ginsberg says that some organizations may not even know that they are business associates. According to the latest definition, any entity that “creates, receives, or transmits” PHI on behalf of a HIPAA covered entity is now considered a BA and directly liable for non-compliance.
Knowledge is one of the best safeguards for everyone involved with PHI. On Wednesday, October 12, from noon to 1 pm (MDT), PrivaPlan will present a live webcast, “Business Associates + HIPAA Risk Management,” that will address several key issues, including:
- Recent HIPAA Enforcement Settlements involving Business Associates
- The Office for Civil Rights Phase 2 audits of Business Associates
- What a covered entity must require of a business associate in terms of its safeguards
- A discussion on if/how Business Associates should be “HIPAA certified”
- The best practices for Business Associates in terms of HIPAA compliance
- BA HIPAA policies and procedures
Sign up for this invaluable webcast by Friday, September 23 and get the early bird rate. Click here to register.
At PrivaPlan, our HIPAA experts can take the anxiety out of ensuring that BA agreements are current and we’ll validate that an agreement with the proper language is in place for every vendor who is a BA.
Contact us at firstname.lastname@example.org or call 877-218-7707.