{"title":"The law of unintended (financial) consequences: the expansion of HIPAA business associate liability.","authors":"Jonathan P Tomes","doi":"","DOIUrl":null,"url":null,"abstract":"<p><p>The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its \"do wnstream\" business associate breaches security or privacy, the covered entity or \"upstream\" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.</p>","PeriodicalId":56181,"journal":{"name":"Journal of Health Care Finance","volume":"39 4","pages":"28-35"},"PeriodicalIF":0.0000,"publicationDate":"2013-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Health Care Finance","FirstCategoryId":"1085","ListUrlMain":"","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"Medicine","Score":null,"Total":0}
引用次数: 0
Abstract
The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.
期刊介绍:
The Journal of Health Care Finance is the only quarterly journal devoted solely to helping you meet your facility"s financial goals. Each issue targets a key area of health care finance. Stay alert to new trends, opportunities, and threats. Make easier, better decisions, with advice from industry experts. Learn from the experiences of other health care organizations. Experts in the field share their experiences on successful programs, proven strategies, practical management tools, and innovative alternatives. The Journal covers today"s most complex dollars-and-cents issues, including hospital/physician contracts, alternative delivery systems, generating maximum margins under PPS.
分享
京公网安备 11010802042870号
京ICP备2023020795号-1
求助内容:
应助结果提醒方式:
扫码关注我们
