Skip to Content

OCR Releases Fact Sheet on Direct Liability of Business Associates under HIPAA

The Office for Civil Rights (OCR) released a new fact sheet on May 24, which provides a “compilation of all provisions through which a business associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”), in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.” Under HITECH, OCR was granted the authority to issue a final rule and take enforcement action against any business associates who do not meet the rule requirements.
The fact sheet, along with other guidance from OCR can be found here.  

Current View