Will New Subcontractor Rules Limit Breaches?
HEALTHCARE PRIVACY—U.S.January 30, 2013
With the new HIPAA omnibus rule in place, HealthITSecurity reports on how organizations will vet business associate agreements (BAAs) and whether this will limit the number of data breaches. Mintz Levin Partner Dianne Bourque said liability concerns around a subcontractor’s mistakes could alter the BAA decision-making process by healthcare organizations. The Office for Civil Rights (OCR) states a high number of breaches are the result of noncompliance by business associates (BAs), Bourque said, adding, the OCR sees covered entities and BAs the “same way, no matter how far downstream the information is passed, the same obligations and liabilities apply.” The result, Bourque contends, is that organizations may “think twice about who they (or their BAs) hire as subcontractors.” Meanwhile, the Center for Democracy & Technology’s Deven McGraw highlights changes from the new rule. Editor’s Note: McGraw will join Wiley Rein Partner Kirk Nahra, CIPP/US, on the upcoming web conference, HIPAA Final Omnibus Rule Announced—Privacy, Security, Enforcement and Breach Notification Rules Modified, on February 7.