- Industry News
- Law & Malpractice
- Coding & Documentation
- Practice Management
- Finance
- Technology
- Patient Engagement & Communications
- Billing & Collections
- Staffing & Salary
Practice tip of the week: Times you can be held liable for a business associate’s HIPAA breach
Your weekly dose of wisdom from the Physicians Practice experts.
With all the useful information available on Physicians Practice, it is easy to become overwhelmed.
With this in mind, the tip of the week is a chance to reflect on some of the wisdom found all across the site. In the April 2021 slideshow on times you can be held liable for a business associate’s HIPAA breach, P.J. Cloud-Moulds writes the following:
The provider, and in certain situations its business associate, have direct liability under HIPAA, meaning that should either party breach certain aspects of the HIPAA Rules, the HHS Office for Civil Rights (OCR) may bring an enforcement action directly against that party. Recently, the OCR issued a fact sheet that specifically identifies the only situations where a business associate has direct liability under HIPAA.
Those 10 situations are:
1). Failure to provide the secretary of HHS with records and compliance reports.
2). Taking any retaliatory against any individual or other person filing a HIPAA complaint.
3). Failure to comply with the requirements of the Security Rule.
4). Failure to provide breach notification to a covered entity or another business associate.
5). Impermissible uses and disclosures of PHI.
Click here to read the rest of the article and be sure to check back next week for another Tip of the Week!
Certifying Your Communications Technology is Secure
July 5th 2021Physicians Practice® spoke with Michael Parisi, Vice President of assurance strategy and Community Development at high trust Alliance, about how physicians and practice owners can discern whether or not communications technology they are interested in integrating into their practice is certified secure.
