MYTH: A business associate’s scope of liability is determined by the terms of its business associate agreement with a covered entity.
FACT: Under the HITECH Act’s amendments to HIPAA, business associates are directly liable for compliance with the Privacy and Security Rules
The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) changed how HIPAA applies to business associates. These changes were codified in the omnibus Final Rule published by HHS on January 17, 2013. Now, specific requirements of the Privacy Rule apply to business associates and make them directly liable for noncompliance with those requirements in addition to any requirements included in their business associate agreements with covered entities. To learn more about how HIPAA's provisions apply to business associates, and what business associates are required to do, read our Myth Buster.
Enter the password to open this PDF file:
.png)