ABSTRACT

HIPAA is designed to protect the communication and handling of PHI between CEs and their BAs. As stated in the Security Rule, the overall responsibility of a BA originally was

e Department of Health and Human Services (HHS) succinctly summarized the expanded responsibilities of BAs within the 2013 Omnibus Rules1 by emphasizing that

• BAs must comply with the technical, administrative, and physical safeguard requirements under the Security Rule and are directly liable for violations.

Registered in England & Wales No. 3099067
5 Howick Place | London | SW1P 1WG© 2024 Informa UK Limited