Chat with us, powered by LiveChat

Weren’t Business Associates Already Subject to HIPAA Before September 2013?

Before September 23rd, 2013, business associates were subject to upholding the provisions in the contracts by which they were governed. That meant that the contracts controlled the type, amount, and use of protected information a business associate was able to handle. Now through the new HIPAA policy changes, covered entities no longer determine the liability of a business associate.

Business associates, through the new policies enforced in September 2013, are now held accountable for all the actions they take that affect protected health information. That means that apart from entering into a contract that is compliant with the new HIPAA policies, a covered entity has no liability when it comes to what a business associate does with protected health information in the course of fulfilling their contractual obligations.

This is good news and bad news for covered entities. It means that covered entities don’t need to monitor or dictate a business associate’s every move. This makes for a much less labor intensive management of business associates.

It also means that there is greater responsibility placed on the covered entity for the violations and breaches of security that are discovered by covered entities. A covered entity can be charged with neglect if they discover or find evidence suggesting a violation or breach and do not take the appropriate steps in reporting it.

The largest change that both business associates and covered entities must be aware of is that business associates are now liable for being compliant in all their actions with protected health information.

If you don’t know where to start, we suggest learning more about our HIPAA compliance software which will help you conduct a HIPAA Security Risk Analysis and is the cornerstone of a good HIPAA Risk Management plan. This effort should identify gaps in compliance, identify vulnerabilities and provide reasonable suggestions to remedy any remediation items.  This is the expectation for Business Associates in addition to signing appropriate agreements with their healthcare clients.


  1. Hello,
    With the new rules from hipaa responsibility is increase on business associates. They are now more responsible for handling security and other issues.

Speak Your Mind