Chapter 21
Business Associate Issues
HIPAA is designed to protect the communication and handling of PHI between CEs and their BAs. As stated in the Security Rule, the overall responsibility of a BA originally was

The Department of Health and Human Services (HHS) succinctly summarized the expanded responsibilities of BAs within the 2013 Omnibus Rules1 by emphasizing that

• BAs must comply with the technical, administrative, and physical safeguard requirements under the Security Rule and are directly liable for violations.