HHS Publishes Fact Sheet on Direct Liability of Business Associates Under HIPAA

On May 24, 2019, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued a new fact sheet providing a compilation of all provisions through which a business associate may be held directly liable with the HIPAA Privacy, Security, Breach Notification, and Enforcement regulations.

Under the Final Rule issued in 2013, OCR has the authority to take enforcement actions against business associates for some, but not all, of the requirements and prohibitions set forth in the HIPAA regulations. The fact sheet provides a convenient list of violations for which a business associate may be held directly liable.

Fact Sheet:


Share This Post:

Search Billing News

Billing News By TAG

Billing News By DATE