Business Associates - Size Doesn't Matter!

Episode 69: Know The Rules! Business Associates – Size Doesn’t Matter!

Size Doesn’t Matter That’s right folks – your size doesn’t matter when it comes to HIPAA compliance. When it comes to HIPAA, everyone who creates, receives, maintains, stores, and/or transmits protected health information is required by law to comply. Did You Know? Business Associates (BAs) were invited to the HIPAA party in February 2013, when […]

Episode 49: Know The Rules! 2018 Wall of Shame Business Associate Breaches

Health & Human Services (HHS) Wall of Shame Covered Entities (CEs) are not alone when it comes to experiencing a healthcare breach. Business Associates (BAs) are at greater risk because of their limited knowledge, understanding, and/or implementation of the HIPAA Security and Breach Notification Rules in their organization. HIPAA Breach Notification Rule The HIPAA Breach […]


Episode 33: Know The Rules! Case Study: Business Associate Breach

Today, I am presenting a case study on the chain of events after a Business Associate breach of electronic protected health information (ePHI). Business Associates (BAs) YOU may be directly liable for violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and Breach Notification Rule as well as certain provisions of the […]

Business Associates Due Diligence

Episode 18: Know The Rules! Business Associates Due Diligence

Have You Done Your Business Associates Due Diligence? Covered Entities (CEs) are often exposed to unidentified risks through the use of Business Associates (BAs), each of which brings its own unique risks. CEs need to perform a Business Associates Due Diligence review to examine how they manage each of their BA relationships in order to understand and […]


Episode 11: Know The Rules! Business Associates HIPAA Security Risk Analysis

Did you know? All Business Associates (BAs) are required to perform a risk analysis to identify their potential administrative, physical and technical security risks to PHI. Required and Addressable Implementation Specifications Covered Entities (CEs) and BAs are required to comply with every Security Rule “Standard.” However, the Security Rule categorizes certain implementation specifications within those […]

HIPAA Compliance

Episode 9: Know The Rules! HIPAA Compliance – Who Has To Comply?

HIPAA Compliance The final Omnibus Rule, which became effective on March 26, 2013, requires Covered Entities (CEs) and Business Associates (BAs) of all sizes to comply with most of the HIPAA rule’s provisions, including the modifications to the Breach Notification Rule and the changes to the HIPAA Privacy Rule. These days most […]


Episode 5: Know The Rules! Business Associates Don’t Let This Happen To You!

Did you know? In 2013, the Final Omnibus Rule updated the HIPAA Security Rule and Breach Notification clauses of the HITECH Act. As a result, every Business Associate (BA) that creates, receives, maintains, or transmits electronic Protected Health Information (ePHI) is required to perform a comprehensive enterprise-wide HIPAA Security Risk Analysis (per §164.308(a)(1)(ii)(A)). This means […]

Healthcare Business Associates

Episode 1: Know The Rules! Healthcare Business Associates

Healthcare Business Associates – Did You Know? The HIPAA Privacy, Security, and Breach Notification Rules apply to both Covered Entities (CEs) and their Business Associates (BAs). Healthcare providers and dentists, referred to as CEs, outsource many of their daily administrative activities to third parties and their subcontractors, referred to as BAs, to provide specific health […]


Business Associates – HIPAA Security Rule Applies To YOU Too!

Did You Know? The HIPAA Security Rule requires Covered Entities (CEs) and Business Associates (BAs) to “implement a security awareness and training program for ALL members of its workforce (including management)” 45 C.F.R. § 164.308(a)(5)(i). Note the emphasis on ALL members of the workforce, because ALL workforce members can either be guardians of the entity’s […]

Healthcare Business Associate

Am I A Healthcare Business Associate? A healthcare Business Associate (BA) is a person or entity contracted to perform certain functions or activities that involve the use or disclosure of Protected Health Information (PHI) to provide services for a Covered Entity (CE). CEs are required to identify who their BAs are and confirm there is […]