Health Information Management

Business associates could pay for breaches

HIM-HIPAA Insider, February 9, 2010

Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Business associates can be directly liable for a breach of unsecured protected health information (PHI) and could have to pay the Office for Civil Rights (OCR) directly, Sue McAndrew, deputy director for Health Information Privacy for OCR said at the 18th Annual National HIPAA Summit February 3.
 
"Business associates going forward will be directly liable for violations that occur in their possession," McAndew said. "The fines would be imposed upon the BA, and if they can't pay, we send them to jail."
 
McAndrew laughed at the line about "jail," and said it was in jest. However, she went on to say OCR would consider waiving—or decreasing—some of the penalties after an assessment of the financial state of a violating hospital. She also said that the "settlement door is always open."
 
Click here to read the full article.



Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!

Most Popular