“Business Associate” responsibility is the part of the Health Information Technology for Economic and Clinical Health (HITECH) enhancements to HIPAA, and now of the recently passed HIPAA Omnibus Rule, that could rise up and bite you if you aren’t careful. Business associates (BAs) of entities that are covered by HIPAA are now directly liable for compliance with HIPAA’s security and privacy rules, can be audited, and are subject to civil and criminal repercussions for violations. That means if your company is a vendor or subcontractor for a healthcare organization, you now must prove compliance with HIPAA whether or not your contract with the healthcare organization requires it.
About The Author
Debra Littlejohn Shinder is a technology and security analyst and author specializing in identity, security and cybercrime, utilizing her past experience as a police officer and police academy/criminal justice instructor. She has written numerous books and articles for web and print publications and has been awarded the Microsoft MVP designation for fourteen years in a row.