Direct Liability. Business Associate may be held directly liable under HIPAA for impermissible uses and disclosures of PHI; failure to provide breach notification to Covered Entity; failure to provide access to a copy of Electronic PHI to covered entity or individual; failure to disclose PHI to the Secretary of the U.S. Department of Health and Human Services when investigating Business Associate’s compliance with HIPAA; failure to provide an accounting of disclosures and failure to enter into a business associate agreement with subcontractors.
Appears in 3 contracts
Sources: Memorandum of Understanding, Contract, Business Associate Agreement