Your Patient's Data, But Not Your Breach


Your responsibilities for reporting HIPAA violations are complex, but reasonably clear, if your practice is responsible for the breach. However, what if the protected health information of your patients is violated, not by you, but by one of your business partners? What are your responsibilities then? That depends on whether the partner is a business associate or another “covered entity.”

A covered entity, as defined by HHS, is another healthcare provider, healthcare plan, or claims clearinghouse, who must comply with HIPAA regulations on their own. Business associates, on the other hand, are businesses or individuals who have access to some of your patients’ information because of certain services they perform for you, but are not themselves covered entities. An outside billing company is an example of a business associate, and so is your attorney.

Click here for the full article from Diagnostic Imaging.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.