Reader Question: Don’t Forget BAs Are Liable for HIPAA Breaches, Too
Question: We know that our practice must comply with the HIPAA Breach Notification Rule and notify the impacted individuals if there’s a breach. Are our business associates (BAs) liable, too, or are they off the hook when it comes to notifying?
SuperCoder Subscriber
Answer: BAs, just like CEs, “have the burden of demonstrating that all required notifications have been provided or that a use or disclosure of unsecured protected health information did not constitute a breach,” cautions the HHS Office for Civil Rights (OCR) guidance.
In fact, much confusion exists over the role vendors and BAs...
To read the full article, sign in and subscribe to tci Medicare Compliance & Reimbursement.
Keep pace with evolving Medicare regulations — and onboard your team — with timely analysis of critical updates interpreted in an easy-to-follow, easy-to-apply format. Your subscription to TCI's Medicare Compliance & Reimbursement Alert will equip you to navigate code and guideline changes, CCI edits, and revisions to modifiers, payer policies, the fee schedule, OIG target areas, and more.
Current newsletters added each month
Fully searchable archives - over 4200 articles
ALL years/issues back to 2003 organized by year and issue
Codes mentioned in articles are linked to Code Information pages
Code Information pages link back to related articles
Access to this feature is available in the following products: