HIPAA Business Associates, those entities that provide services to HIPAA Covered Entities and other HIPAA Business Associates, have an increasing role to play in healthcare today.

From hosted EHR systems to Telemedicine platforms, from remote backup to e-mail hosting, a wide variety of entities create, receive, maintain, or transmit Protected Health Information on behalf of a HIPAA entity. These relationships must be adequately documented, and the practices of the Business Associate must be vetted to ensure the privacy and security of PHI.

HIPAA Business Associates include any business that creates, receives, maintains, or transmits any Protected Health Information on behalf of a HIPAA Covered Entity or Business Associate. Even sub-contractors of Business Associates are also treated as business associates, and they may not even be aware they have become HIPAA Business Associates. In addition, new guidance has outlined the compliance liabilities for HIPAA Business Associates, while massive security breaches by HIPAA Business Associates grab headlines every day.

Business Associate Agreements are not to be entered into lightly. The requirements have a direct impact on what needs to be put into the business associate agreements you establish, and when they must be established. In essence, if you act as a Business Associate under HIPAA, you are a HIPAA Business Associate and you therefore must have the proper agreement in place. Even organizations that are arranged as Affiliated Covered Entities or Organized Health Care Arrangements may sometimes need to have Business Associate relationships formalized, depending on the activities involved.

In addition, Business Associates may need to provide for their covered entity clients rights of individuals to receive electronic copies of information held electronically, ask for certain restrictions on disclosures, and other capabilities that covered entities must have in place, depending on what is called for in the agreement.

All kinds of covered entities, and now, business associates of covered entities as well, need to review their HIPAA compliance, policies, and procedures to see if they are prepared to meet the challenges of compliance today.

In addition, Business Associates have emerged as a leading source of health information breaches, and we will discuss what covered entities should do to ensure good practices by their Business Associates in order to avoid the considerable expense of breaches.

Areas Covered in the Session:-

• Understand what qualifies as a HIPAA Business Associate, and how HIPAA BAs may relate to other organizational structures, such as Organized Health Care Arrangements, Affiliated Covered Entities, and Hybrid Entities
• Evaluate HIPAA Business Associate Agreements for sufficiency of content and fairness
• Include HIPAA Business Associates in your HIPAA Risk Analysis to determine the appropriate safeguards for protecting information security
• Know where the line is drawn in the responsibilities that HIPAA BAs have for compliance and the responsibilities that remain with the Covered Entities
• Understand how HIPAA BAs need to adequately consider their responsibilities to protect both the BA and the Covered Entity in the event of incidents or breaches of confidential information
• Know the kinds of enforcement actions that have taken place involving HIPAA Business Associates, and how to prevent violations leading to enforcement action.

Why you should Attend:- 

In this practical webinar, you will learn about the requirements under the Health Insurance Portability and Accountability Act of 1996 to properly manage relationships with those entities hired to work on behalf of a HIPAA Covered Entity: HIPAA Business Associates.

Business Associates take on certain liabilities and compliance obligations, but some liabilities and obligations remain with the hiring entity. The hiring entity needs to evaluate the risks involved with using a Business Associate and establish the appropriate rules of operation for managing HIPAA Protected Health Information.

The greater the amount of health information involved, the greater the risk, and your HIPAA Security Risk Analysis must consider the risks involved with your Business Associates and plan to mitigate those risks where appropriate.

And it is also essential to ensure the proper Business Associate relationships are defined in more complex situations involving Affiliated Covered Entities and Organized Health Care Arrangements. In some instances, the US Department of Health and Human Services and state attorneys general are now vigorously enforcing the rules involving HIPAA Business Associates, and entities that do not manage the relationship properly can pay multi-million-dollar penalties in enforcement actions.

In addition to contracted obligations, HIPAA Business Associates are now covered directly under the HIPAA Privacy Rule’s use and disclosure limitations, the Security Rule’s safeguard provisions, and the Breach Notification Rule’s notification requirements.

HIPAA Business Associates are responsible for their own compliance with the regulations and may be held directly liable for any violations of the regulations.

Who Will Benefit:-

• CEO
• HIPAA Privacy Officers
• HIPAA Security Officers
• Information Security Officers
• Risk Managers
• Compliance Officers
• Privacy Officers
• Health Information Managers
• Information Technology Managers
• Information Systems Managers
• Medical Office Managers
• Chief Financial Officers
• Systems Managers
• Chief Information Officer
• Healthcare Counsel/lawyer
• Operations Directors