Overview:
Business Associate HIPAA violations are in the spotlight - and in the crosshairs of OCR regulators and class action lawyers.
Covered Entities can be directly and equally liable for costs of violations by their Business Associates due to the little-known Federal Common Law of Agency incorporated in the HIPAA Enforcement Rule.
This webinar is for HIPAA Business Associates (BAs) and Covered Entities (CEs).
CEs and BAs can prevent these dangers easily by following simple HIPAA Rules that are often overlooked or misunderstood.
The dangers of BA HIPAA violations are emphasized dramatically by
numerous class action lawsuits underway across the country following
HIPAA breaches by BAs that exposed the Protected Health Information
(PHI) of tens of millions of patients.
BAs are liable for complying with the HIPAA Rules and CEs must document
satisfactory assurances that their BAs comply with HIPAA before
disclosing PHI to a BA or allowing a BA to create, receive, maintain or
transmit PHI on their behalf. The chain of compliance and liability
follows PHI from a CE to its BA and down through the BA’s
Subcontractors.
Why You Should Attend:
CEs can find themselves fully liable for HIPAA violations committed by
BAs, and BAs for violations committed by Subcontractors, under a
little-known Federal agency law. However, risks associated with BA HIPAA
compliance can be managed calmly and confidently by following the HIPAA
Rules, which are easy to follow step by step, as this webinar explains.
BAs should attend this webinar to see exactly what to do to comply with
HIPAA. They are liable for compliance with the entire HIPAA Security
Rule and parts of the HIPAA Privacy and Breach Notification Rules. But
it is easy to be unsure about what BAs must do to comply with their
Privacy and Breach Notification Rule requirements.
CEs should attend to see what to look for in Due Diligence and how to
obtain the necessary satisfactory assurances that a BA is complying with
HIPAA.
Areas Covered in the Session:
This webinar explains how to understand and follow HIPAA Rules for BAs clearly and logically according to the following agenda:
- Serious Dangers of Business Associate HIPAA Violations
Brief review of current OCR BA Enforcement and Class Action lawsuits based on BA HIPAA violations
- Brief Background of the HIPAA Rules for BAs including CE Due Diligence for BAs and BA Due Diligence for Subcontractor BAs
- Who’s in Charge? – Responsibility & Authority
- Top management is responsible for HIPAA compliance and CEs may
delegate authority to develop and implement the HIPAA compliance program
to a Privacy and Security Official. However, HIPAA directs BAs only to
identify a Security Official to develop and implement Security Rule
policies and procedures but not designate a Privacy Official to develop
and implement their required Privacy and Breach Notification Rule
policies and procedures. We explain how a BA can overcome this omission
and develop and implement Privacy and Breach Notification Rule policies
and procedures while still complying with the HIPAA limitation.
- Business Associate Risk Analysis – Risk Management
Risk Analysis and Risk Management are the most widespread failings of BAs and CEs. We describe what to do simply and clearly.
- Business Associate Privacy Rule Compliance Requirements
- Business Associate Breach Notification Rule Compliance Requirements
- Business Associate Agreements and the key Agency Issue – Don’t make
your BA or Subcontractor BA your legal agent by mistake, as many do
Who Will Benefit:
- Compliance Manager
- Chief Information Security Officer
- Chief Information Officer
- Chief Compliance Officer
- Risk Management Director
- Business Manager
- Attorney - General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney
- Security Official
- Privacy Official
- BA Owner - CEO - COO
- Healthcare Practice Manager
- Administrator, Long Term Care Facility
- CE Owner