[ Thursday, March 20, 2014 ]
Interesting Post-Omnibus Rule Trend:
Jeff [4:58 PM]
Covered Entities exercising greater oversight of their Business Associates' security measures. I've seen this a lot in post-Omnibus BAAs, as well as in some of the HIPAA press and seminar circuits; here's a good example
of the type of advice consultants are giving. What's particularly interesting about this development is that the HITECH Act and the Omnibus Rule directly place greater HIPAA privacy and security requirements onto Business Associates. Why, now that the law directly requires it, are Covered Entities taking a more hands-on approach to this? If anything, changes in the law should make it less necessary to be contractually specific. Interesting.
Blogger: HIPAA Blog - Edit your Template