HIPAA Rules for Business Associates & Lurking Danger for Covered Entities

Date: Monday March 4, 2024

10:00 AM PST | 01:00 PM EST

Duration: 60 Minutes
Instructor: Paul R. Hales
Webinar Id: 803873


One Attendee
Unlimited Attendees


One Attendee
Unlimited Attendees ?


Live + Recorded
$269 $318  
One Attendee
Live + Recorded
$599 $678  
Unlimited Attendees ?


This webinar is for HIPAA Business Associates (BAs) and Covered Entities (CEs). Criminals increasingly focus cyber-attacks on BAs because one hit can give them access to PHI of all the BA's customers.

Growth of serious BA PHI breaches affecting tens of millions of patients put the spotlight on BA HIPAA compliance, attracting HHS Office for Civil Rights investigations and aggressive private class action lawsuits filed within days of a breach targeting BAs and their CE customers.

CEs that did nothing wrong can still be held liable to pay the same civil money penalty as their BA for the BA's HIPAA violation under the Federal Common Law of Agency which is included in the HIPAA Enforcement Rule.

Simple steps, often overlooked but easy to follow, enable CEs and BAs to protect against costs and damage to their reputations caused by violations of HIPAA Rules that apply to BAs. The chain of HIPAA compliance starts with a CE.

It extends to a BA that provides a CE with services involving PHI. And the chain of compliance continues on down to any subcontractors of a BA that perform services involving PHI. BA subcontractors are defined by HIPAA as BAs and are fully liable for compliance.

  • CEs must obtain "satisfactory assurances" from each BA, documented in writing, that the BA complies with HIPAA before disclosing PHI to the BA or allowing the BA to create, receive, maintain or transmit PHI on their behalf.
  • BAs must obtain "satisfactory assurances" from each Subcontractor BA, documented in writing, that the Subcontractor BA complies with HIPAA before permitting the Subcontractor BA to perform services involving PHI.

This webinar explains the interconnected HIPAA compliance responsibilities and liabilities of CEs and BAs. HIPAA Rules that apply to both are easy to follow, step-by-step, when you know the steps.

Why you should Attend: CEs can find themselves fully liable for HIPAA violations committed by BAs and BAs for violations committed by Subcontractors under the little known Federal Common Law of Agency. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules that are easy to follow, step-by-step.

CEs should attend to see what to look for in Due Diligence, how to obtain HIPAA required satisfactory assurances that a BA is complying with HIPAA and avoid liability by inadvertently making a BA their agent.

BAs should attend this webinar to see exactly what they must do to comply with HIPAA Rules – Security, Privacy and Breach Notification Rules. And what to look for in Due Diligence and how to obtain HIPAA required satisfactory assurances that a Subcontractor BA is complying with HIPAA while avoiding liability by inadvertently making a Subcontractor BA their agent

Areas Covered in the Session:
  • HIPAA Rules that apply to CEs in dealing with BAs and that BAs must follow are discussed and explained including:
    • HIPAA - HIPAA Law and the HIPAA Rules
    • Business Associate Liability for HIPAA Compliance
    • Covered Entities & Business Associates
      • Entangled Responsibilities - Chain of Trust
      • Business Associate Agreements and the key Agency Issue
      • Due Diligence
    • Mandatory Business Associate HIPAA Compliance
      • Security, Privacy and Breach Notification Rules
    • OCR's Corrective Action Plan and Guidance
      • How to Review, Revise, Develop and Implement your HIPAA Compliance Program

Who Will Benefit:
  • Covered Entities of all types who disclose PHI to BAs and allow BAs to create, receive, maintain and transmit PHI on their behalf
  • Business Associates of all types including for example:
    • Billing and Coding companies
    • Practice Management Companies
    • IT Vendors
    • Data Storage firms (electronic and paper)
    • Secure and unsecure providers of PHI email and text message services
    • Vendors of patient satisfaction surveys
    • PHI record retrieval and release of information vendors
    • Law and Accounting Firms
    • Health Plan Third Party Administrators

Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.

You Recently Viewed