The Buck Stops Here for Business Associates Protecting PHI
It’s not news. It’s been over ten years since the Health Insurance Portability and Accountability Act (HIPAA) required Covered Entities (CEs) to meet certain requirements related to protected health informationi (PHI) through compliance with the Privacy Rule. Effective 2015, CEs were required to implement protections under the Security Rule. In 2009, the Health Information Technology for Economic and Clinical Health (HITECH) Act added new rules regarding Breach Notification and enforcement; and extended applicable compliance requirements directly to Business Associates (BAs) - those individuals or entities that perform activities involving PHI on behalf of CEs.