We’ve found that often the Business Associates of our clients in healthcare — physician’s practices, hospitals, insurance companies and even government entities — have not fully complied with their HIPAA obligations to protect sensitive data.  This is why we have developed a library of HIPAA policy templates for business associates which make compliance easier than ever.

Examples of HIPAA Violation fines for Business Associates

• In 2012, Accretive Health, a HIPAA Business Associate of North Memorial Healthcare of Minnesota, agreed to a $2.5 million HIPAA settlement with Minnesota Attorney General Lori Swanson.  More details are available at Wake-Up Call for Business Associates which includes more information on the case.
• Catholic Health Care Services of Philadelphia, a Business Associate which provides management and information technology services to six skilled nursing facilities, during June of 2016, agreed to a $650,000 settlement involving multiple violations.  Among the issues was the lack of policies regarding mobile devices and what to do in the event of a security incident.  The HHS Office of Civil Rights press release regarding the matter contains more details.

What the government mandates:   Effective in 2013, HIPAA directly regulates HIPAA Business Associates.  Business Associates are obligated to comply with the entire HIPAA Security Rule and Breach Notification Rule and portions of the Privacy Rule.  As a starting point, this requires an entire set of written policies and procedures for compliance with both the HIPAA regulations and the provisions of the HIPAA Business Associate Agreement — Click here for a listing of the provisions of the HIPAA Business Associate Agreement at the HHS.gov site.

Eagle’s HIPAA policy templates for business associates helps you meet these government requirements.