[ Thursday, March 20, 2014 ]


Interesting Post-Omnibus Rule Trend: Covered Entities exercising greater oversight of their Business Associates' security measures.  I've seen this a lot in post-Omnibus BAAs, as well as in some of the HIPAA press and seminar circuits; here's a good example of the type of advice consultants are giving.  What's particularly interesting about this development is that the HITECH Act and the Omnibus Rule directly place greater HIPAA privacy and security requirements onto Business Associates.  Why, now that the law directly requires it, are Covered Entities taking a more hands-on approach to this?  If anything, changes in the law should make it less necessary to be contractually specific.  Interesting.

Jeff [4:58 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template