HIPAA Compliance for Business Associates
In an exclusive interview, Forsheit explains how the proposal would require business associates to enter formal agreements with their subcontractors covering HIPAA compliance. Regulators clearly are "looking to push accountability for compliance down the chain" to help ensure patient information is protected, she adds.
- Describes how more companies would be defined as business associates under the proposal. Business associates are firms that serve hospitals, clinics, insurers and other "covered entities" and have access to protected health information.
- Provides guidance on the new details that should be included in all business associate agreements. This includes spelling out that associates must report breaches promptly to covered entities and must take specific steps to ensure their subcontractors are HIPAA compliant.
Forsheit is founding partner at Information Law Group. She founded the firm after 12 years as a litigator and privacy/data security counselor at Proskauer Rose LLP, where, most recently, she was co-chair of the firm's international privacy and data security practice group. Certified as an information privacy professional by the International Association of Privacy Professionals, Forsheit works with clients to address legal requirements and best practices for protection of customer and employee information.