On June 28, 2023 the HHS Office for Civil Rights published results of its investigation into HIPAA violations by a Business Associate (BA) that provides important guidance and clarification of the requirements for BA HIPAA compliance. Covered Entities (CEs) are deeply entangled with the HIPAA compliance of their BAs by law and contract. This webinar builds on the June 28, 2023 HIPAA enforcement settlement to explain newly clarified BA HIPAA compliance clearly and the significant lessons for CEs. The chain of HIPAA compliance starts with a CE. It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.

During the first six months of 2023 major health information breaches reported to HHS affected nearly double the number of individuals affected during the same period last year. And about half of them were victims of BA breaches. Criminals focus on attacking BAs because one hit can give them access to PHI of all the BA’s customers – and, according to one expert, BAs are the weakest link – the unlocked window that criminals crawl through.

Serious BA PHI breaches have attracted aggressive private class action lawsuits filed within days of a breach targeting BAs and their CE customers. 

CEs that did nothing wrong can be held liable to pay the same civil money penalty as their BA for the BA’s HIPAA violation under the Federal Common Law of Agency which is included in the HIPAA Enforcement Rule. 

Simple steps, often overlooked but easy to follow, enable BAs and CEs to protect against costs and damage to their reputations caused by BA HIPAA violations. of HIPAA Rules that apply to BAs. 

• CEs must obtain “satisfactory assurances” from each BA, documented in writing, that the BA complies with HIPAA before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on their behalf.

• BAs must obtain “satisfactory assurances” from each Subcontractor BA, documented in writing, that the Subcontractor BA complies with HIPAA before permitting the Subcontractor BA to perform services involving PHI.

Why Should You Attend:

CEs can find themselves fully liable for HIPAA violations committed by BAs and BAs for violations committed by Subcontractors under the little known Federal Common Law of Agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules that are easy to follow, step-by-step.

BAs should attend this webinar to see exactly what they must do to comply with HIPAA Rules – Security, Privacy and Breach Notification Rules. And what to look for in Due Diligence and how to obtain HIPAA required satisfactory assurances that a Subcontractor BA is complying with HIPAA while avoiding liability by inadvertently making a Subcontractor BA their agent.  

CEs should attend to see what to look for in Due Diligence, how to obtain HIPAA required satisfactory assurances that a BA is complying with HIPAA and avoid liability by inadvertently making a BA their agent.

Course Objectives:

This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs. HIPAA Rules that apply to both are easy to follow, step-by-step, when you know the steps.

Course Outline:

• Important New Business Associate HIPAA Enforcement

• Entangled HIPAA compliance Responsibilities/Liabilities of BAs and CEs

o Due Diligence

• Explanation of how HIPAA Rules apply to BAs

o Privacy, Breach Notification and Security Rules 

• Business Associate Agreements and the key Agency Issue – Don’t make your BA or Subcontractor BA your legal agent by mistake 

• Tips for Your Organization’s HIPAA Compliance Program – Review, Revise, Develop, Implement – Step-by-Step

What You Get:

• Training Materials

• Live Q&A Session with our Expert

• Participation Certificate

• Access to Signup Community (Optional)

• Reward Points

Who Will Benefit:

• CE Owner – CEO – COO Compliance Manager 

• Board of Directors – for profit and non-profit CEs

• Healthcare Practice Manager

• Administrator, Long Term Care Facility

• BA Owner – CEO – COO

• Security and Privacy Officers

• Compliance, Information Security and Risk Management Directors

• Business Manager

• Attorney – General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney