Practice Liable When Business Subcontractors Violate HIPAA

September 2, 2013 – In The News
Medical Practice Compliance Alert

Michael Kline and Elizabeth Litten were featured in the Medical Practice Compliance Alert article “Practice Liable When Business Subcontractors Violate HIPAA.” While the full text can be found in the September 2, 2013 issue of Medical Practice Compliance Alert, a synopsis is noted below.

Under HIPAA’s “mega-rule,” medical practices are now held accountable for HIPAA violations made by business associates or any subcontractors they may use. In one well-publicized case, a violation occurred when a subcontractor of Stanford Hospital & Clinics emergency department posted billing records online.

According to Kline, subcontractors who are chosen by the practice to perform activities on their behalf are the cause of many security violations.

Litten advises deciding on how you want to approach the concept of subcontractors with access to patient data. “They’re your invisible business associates,” says Litten. “Determine how you want to treat them.”