Avoid Business Associate Danger! - HIPAA BA Compliance Explained

90 Minutes
Paul R. Hales


Business Associate HIPAA violations are in the spotlight - and in the crosshairs of OCR regulators and class action lawyers. Covered Entities can be directly and equally liable for costs of violations by their Business Associates due to the little-known Federal Common Law of Agency incorporated in the HIPAA Enforcement Rule.

This webinar is for HIPAA Business Associates (BAs) and Covered Entities (CEs). CEs and BAs can prevent these dangers easily by following simple HIPAA Rules that are often overlooked or misunderstood.

The dangers of BA HIPAA violations are emphasized dramatically by numerous class action lawsuits underway across the country following HIPAA breaches by BAs that exposed the Protected Health Information (PHI) of tens of millions of patients.

BAs are liable for complying with the HIPAA Rules and CEs must document satisfactory assurances that their BAs comply with HIPAA before disclosing PHI to a BA or allowing a BA to create, receive, maintain or transmit PHI on their behalf. The chain of compliance and liability follows PHI from a CE to its BA and down through the BA’s Subcontractors.

Why You Should Attend: CEs can find themselves fully liable for HIPAA violations committed by BAs, and BAs for violations committed by Subcontractors, under a little-known Federal agency law. However, risks associated with BA HIPAA compliance can be managed calmly and confidently by following the HIPAA Rules, which are easy to follow step by step, as this webinar explains.

BAs should attend this webinar to see exactly what to do to comply with HIPAA. They are liable for compliance with the entire HIPAA Security Rule and parts of the HIPAA Privacy and Breach Notification Rules. But it is easy to be unsure about what BAs must do to comply with their Privacy and Breach Notification Rule requirements.

CEs should attend to see what to look for in Due Diligence and how to obtain the necessary satisfactory assurances that a BA is complying with HIPAA.

Areas Covered in the Session: This webinar explains how to understand and follow HIPAA Rules for BAs clearly and logically according to the following agenda:

  • Serious Dangers of Business Associate HIPAA Violations
  • Brief review of current OCR BA Enforcement and Class Action lawsuits based on BA HIPAA violations
  • Brief Background of the HIPAA Rules for BAs including CE Due Diligence for BAs and BA Due Diligence for Subcontractor BAs
  • Who’s in Charge? – Responsibility & Authority
  • Top management is responsible for HIPAA compliance and CEs may delegate authority to develop and implement the HIPAA compliance program to a Privacy and Security Official. However, HIPAA directs BAs only to identify a Security Official to develop and implement Security Rule policies and procedures but not designate a Privacy Official to develop and implement their required Privacy and Breach Notification Rule policies and procedures. We explain how a BA can overcome this omission and develop and implement Privacy and Breach Notification Rule policies and procedures while still complying with the HIPAA limitation.
  • Business Associate Risk Analysis – Risk Management: Risk Analysis and Risk Management are the most widespread failings of BAs and CEs. We describe what to do simply and clearly.
  • Business Associate Privacy Rule Compliance Requirements
  • Business Associate Breach Notification Rule Compliance Requirements
  • Business Associate Agreements and the key Agency Issue – Don’t make your BA or Subcontractor BA your legal agent by mistake, as many do

Who Will Benefit:
  • Compliance Manager
  • Chief Information Security Officer
  • Chief Information Officer
  • Chief Compliance Officer
  • Risk Management Director
  • Business Manager
  • Attorney - General Counsel, Associate General Counsel, Inside Compliance Attorney, Outside Health Law Attorney
  • Security Official
  • Privacy Official
  • BA Owner - CEO - COO
  • Healthcare Practice Manager
  • Administrator, Long Term Care Facility
  • CE Owner

Speaker Profile
Paul R. Hales, J.D. is widely recognized for his expert knowledge and ability to explain the HIPAA Rules clearly in plain language. Paul is an attorney licensed to practice before the Supreme Court of the United States and a graduate of Columbia University Law School with an international practice in HIPAA privacy and security. He is the author of all content in The HIPAA E-Tool®, an Internet-based, complete HIPAA compliance solution with separate editions for Covered Entities, Business Associates, Health Plans and Third Party Administrators.
