Connecting Your Business with the Industry’s Best
Print Access Find the right printer for the BEST results.
print Access

Who Must Be HIPAA Compliant?

Posted Thursday, April 6, 2017 by Jules VanSant.

alt textSource: KirkpatrickPrice

If you are just beginning to learn about HIPAA, you may be wondering, “Who must be HIPAA Compliant?” Up until 2009, the answer was simple: Covered Entities. But when the Health Information Technology for Economic and Clinical Health (HITECH) Act passed, it expanded the oversight of the Office for Civil Rights (OCR) to Business Associates. The HITECH Act was passed in 2009 to promote the adoption and meaningful use of health information technology (HIT).

The OCR’s proactive supervision will hold all covered entities and business associates responsible for their own compliance with the laws. According to the Omnibus Rule, business associates are being held directly responsible for their compliance with any relevant HIPAA laws. This means that business associate compliance will be a focus of the coming Phase 2 HIPAA enforcement actions.

Covered Entities are healthcare providers such as doctors’ offices, hospitals, health plans, or healthcare clearing houses. If your business is a covered entity preparing for Phase 2 of the OCR’s HIPAA Audit Program, we recommend that you prepare through Risk Analysis, Risk Management, Breach Reporting, and Privacy Notice and Access. Phase 2 audits of covered entities will focus on:

Business Associates are the vendors who provide services on behalf of Covered Entities. Right now, the OCR is conducting audits of business associates and assigning fines for lack of HIPAA compliance. For business associates, these audits will focus on Risk Analysis, Risk Management, and Breach Reporting to Covered Entities. If you are a business associate, we recommend that you prepare through:

KirkpatrickPrice can service both covered entities and business associates through: