The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates, or those who provide services to HIPAA "covered entities." The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further, and failure to comply can result in compliance reviews, investigations, seven-figure financial penalties, and other sanctions. In fact, the Office for Civil Rights, the agency responsible for HIPAA enforcement, recently announced concerns regarding business associate HIPAA compliance and plans to target business associates in upcoming audits.

If this is not enough to keep your privacy and security officers busy, there are overlapping and continually evolving state data security laws that must be evaluated along with HIPAA in order to ensure full compliance with privacy and security requirements. It is critical to protect your organization on all fronts with respect to these laws.

Mintz Levin is following the developments related to the final HIPAA Omnibus Rule closely, and we will hold a webinar on the final Rule within days of its release. Please stay tuned for the invitation.
