Skip to main content

HITECH: Business Associates Beware - New Rules, Audits and Enforcement on the Horizon!


The upcoming HIPAA Omnibus Rule is poised to transform an already challenging privacy and security landscape for business associates or those who provide services to HIPAA “covered entities.” The HITECH Act has already imposed greater compliance responsibility on business associates and their subcontractors. The rules are set to change further and failure to comply can result in compliance reviews, investigations, seven figure financial penalties, and other sanctions. In fact, the Office for Civil Rights, the agency responsible for HIPAA enforcement, recently announced concerns regarding business associate HIPAA compliance and plans to target business associates in upcoming audits.

If this is not enough to keep your privacy officer and security officers busy, there are overlapping, and continually evolving, state data security laws that must be evaluated along with HIPAA in order to ensure full compliance with privacy and security requirements. It is critical to protect your organization on all fronts with respect to these laws.

Mintz Levin is following the developments related to the final HIPAA Omnibus Rule closely, and we will hold a webinar on the final Rule within days of its release.  Watch this space for the announcement!


Subscribe To Viewpoints


Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.