Business Associates and HIPAA Omnibus

Clarifying the New Responsibilities
What are the responsibilities of business associates under the HIPAA Omnibus Rule? And how should covered entities work with BAs on compliance? Security expert Mac McMillan explains.

The HIPAA Omnibus Rule clarifies that business associates who receive, create, transmit or maintain protected health information must be HIPAA compliant, McMillan notes.

"If you know you're a business associate ... you should conduct a risk assessment right now," McMillan says during an interview with HealthcareInfoSecurity at the 2013 HIMSS Conference in New Orleans. The risk assessment needs to identify gaps in programs to protect patient data.

Under the HIPAA Omnibus Rule, business associates can now be directly investigated by the Department of Health and Human Services for breaches. Although business associates must notify covered entities of breaches, "the covered entity is responsible for notifying victims," McMillan explains.

In the interview, McMillan also discusses:

  • Responsibilities of business associates under HIPAA Omnibus;
  • What business associates need to know about managing subcontractors;
  • Tips for covered entities in managing business associates under HIPAA Omnibus.

McMillan is co-founder and CEO of CynergisTek Inc., an Austin, Texas-based firm specializing in information security and regulatory compliance in healthcare, financial services and other industries. He has more than 30 years of security and risk management experience, including 20 years at the Department of Defense, most recently at the Defense Threat Reduction Agency. He is also chair of the Healthcare Information and Management Systems Society's privacy and security task force.
