HIPAA: When are Business associates directly liable to safeguard PHI

The HHS Office for Civil Rights (OCR) issued the last standard in 2013 to adjust the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules. Among different things, the last principle distinguishes arrangements of the HIPAA Rules that apply straightforwardly to business associates and for which business associates are legitimately liable.

As put forward in the HITECH Act and OCR’s 2013 last rule, OCR has the authority to take enforcement action against business associates in case if:

  • In the event that Business associates don’t cooperate with the secretary to provide complete access including protected health information (PHI) required to determine compliance. 1
  • Failure to provide breach notification to a covered entity or another business associate.2
  • Unauthorized use & disclosure of PHI3
  • Failure to disclose a copy of electronic PHI (ePHI) to either the covered entity, the individual, or the individual’s designee (whichever is specified in the business associate agreement) to satisfy a covered entity’s HIPAA obligations4
  • Failure to make reasonable efforts to limit the use of PHI to the minimum necessary to accomplish the intended purpose of the use, disclosure or request.5
  • Failure to provide an accounting of certain disclosures.6
  • Failure to enter into business associate agreements with subcontractors that create or receive PHI on their behalf, and failure to comply with the implementation specifications for such agreements.7
  • Failure to take reasonable steps to address a material breach or violation of the subcontractor’s business associate agreement.8
  • Inability to give breach notification to a covered entity or another business associate.9
  • Inability to comply with the requirements of the Security Rule.10

OCR also can take enforcement action if a BA objects against any individual for filing a HIPAA complaint, participating in an investigation or other enforcement process or opposing an act or practice that is unlawful under the HIPAA rules.

HIPAA compliance can be a long and complex process that is crucial to the successful operation of any successful business in the healthcare field. All of the security regulations must be known in great detail and the responsible entities must have the personnel to successfully institute the policies necessary under the HIPAA privacy laws. Telegenisys has instituted physical, technical and administrative safeguards to ensure that client data is safe from unauthorized access and complete compliance with HIPAA. Know more..


1 45 CFR §§ 160.310, 164.502(a)(4)(i). 2 45 CFR § 160.316. 3 45 CFR § 164.502(a)(3). 4 45 CFR § 164.502(a)(4)(ii). 5 45 CFR § 164.502(b). 6 HITECH Act § 13405(c)(3), 42 U.S.C. § 17935(c)(3) 7 45 CFR §§ 164.502(e)(1)(ii), 164.504(e)(5). 8 45 C.F.R. § 164.504(e)(1)(iii) 9 45 CFR §§ 164.410, 164.412. 10 HITECH Act § 13401, 42 USC § 17931

past medical history

Past medical history helps assess life expectancy

Past Medical History (PMH) is perhaps the most important section of doctors notes impacting longevity assessment.  When looked at medical conditions...

Impact of Family History on Life Expectancy

A hereditary disease is caused by genetic factors transmitted from parent to offspring. Family history is, therefore, an important consideration in...
life expectancy social history

The impact that social history has on life expectancy

In many parts of the world, life expectancy has been increasing steadily over the past few decades, due to increases in technology, medication, and...

Telegenisys supports law firm privacy compliance

Stephen Treglia writes in the New York Law Journal that "businesses are demanding law firms sign written agreements affirming their compliance with...

Telegenisys Geo codes lanes on more than 50,000 miles of US Highways

Satellite and Ariel image analysis is a core competency of Telegenisys Inc. Telegenisys frequently geo codes artifacts (objects) on the earth...

Containing health record costs in mass litigation

Gathering healthcare related evidence can run up considerable costs even before determining if there is a reasonable chance of making a valid claim....

Pin It on Pinterest