Revenue Cycle Advisor May 31, 2019
The HHS Office for Civil Rights (OCR) issued a new fact sheet last week that clarifies the circumstances under which OCR may hold business associates (BA) directly liable.
In the New HHS Fact Sheet on Direct Liability of Business Associates under HIPAA, OCR explains that the HITECH Act, which was clarified in 2013, identified the provisions of HIPAA that apply directly to BAs. The fact sheet identifies 10 categories of violations for which OCR has the authority to hold BAs directly liable, stating that OCR has authority to take enforcement action against BAs only for those that appear on the following list:
- Failure to cooperate with HHS investigations and compliance reviews, including providing HHS with records, compliance reports, and...