Health Law | Privacy & Security
June 22‚ 2012
Business Associates Beware: There are New Rules, Audits, and Enforcement on the Horizon
The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates or those who provide services to HIPAA “covered entities.” The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further and failure to comply can result in compliance reviews, investigations, seven figure financial penalties, and other sanctions. In fact, the Office for Civil Rights, the agency responsible for HIPAA enforcement, recently announced concerns regarding business associate HIPAA compliance and plans to target business associates in upcoming audits.
If this is not enough to keep your privacy officer and security officers busy, there are overlapping, and continually evolving, state data security laws that must be evaluated along with HIPAA in order to ensure full compliance with privacy and security requirements. It is critical to protect your organization on all fronts with respect to these laws.
Mintz Levin is following the developments related to the final HIPAA Omnibus Rule closely, and we will hold a webinar on the final Rule within days of its release. Please stay tuned for the invitation.
* * *
View Mintz Levin’s Health Law attorneys.
Read and subscribe to Health Law & Policy Matters blog.
View Mintz Levin’s Privacy & Security attorneys.
Read and subscribe to Privacy & Security Matters blog.