“Business Associate” responsibility is the part of the Health Information Technology for Economic and Clinical Health (HITECH) enhancements to HIPAA, and now of the recently passed HIPAA Omnibus Rule, that could rise up and bite you if you aren’t careful. Business associates (BAs) of entities that are covered by HIPAA are now directly liable for compliance with HIPAA’s security and privacy rules, can be audited, and can be subjected to civil and criminal repercussions for violations. That means if your company is a vendor or subcontractor for a healthcare organization, you must now prove compliance with HIPAA regardless of whether your contract with the healthcare organization requires it.
Read more here:
http://www.securityweek.com/game-changing-legislation-no-one-talking-about