This is the paragraph written in one of the insurance company memos concerning the new federal privacy and security regulations: “The HIPAA privacy and security standards now apply directly to business associates – meaning that you, as a business associate, are now subject to the direct jurisdiction and enforcement of the Secretary of Health & Human Services.” (Bolded sections are by me.)


Business Associates must follow the rules of the HIPAA Omnibus Rule. Protect your clients’ Personal History Information. Read more on the U.S. Department of Health and Human Services website: https://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html

“The HIPAA Rules apply to covered entities and business associates. Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangement with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules. If an entity does not meet the definition of a covered entity or business associate, it does not have to comply with the HIPAA Rules. See definitions of “business associate” and “covered entity” at 45 CFR 160.103.”