[ Saturday, January 19, 2013 ]
Third nugget: The HITECH revisions and the interim rule layered the concept of agency onto the business associate relationship, making the covered entity responsible for the actions of the business associate (and subject to the breach notification timetable based on when the business associate learned of the breach) if the business associate is the "agent" of the covered entity. The Omnibus Rule discusses the federal common law of agency thus: a business associate is not an agent if the business associate agreement sets the terms and conditions of the contractual obligations, and is an agent if the covered entity has enough control to direct the business associate in performing its tasks.
Jeff [1:44 AM]