Is a covered entity liable for or required to monitor the actions of a BA?
It would appear that they are. Recently there was a situation with a hospital in California that had raised this concern. The hospital contracted with a company to do medical transcriptions of doctors’ notes and that company hired three subcontractors to assist in this work. One of the subcontractors, located in Texas, hired a sub-subcontractor, based in India, to assist in completing the work. A dispute arose between the Texas subcontractor and the India company concerning payment and the owner of the business in India emailed the hospital administrator demanding assistance with getting paid. The hospital refused, saying they had no control over the Texas subcontractor. The response from India: We have your patients’ PHI and if you don’t assist us, we’ll post that information on the Internet for all to see. This has resulted in a bevy of new concerns among regulators and covered entities, making downstream confidentiality protections essential to any Business Associates’ contractual o
Related Questions
- What is defined as a covered public entity under the CAA that may be held responsible for correcting a substantiated violation of disability access and accommodations rights?
- If a doctor leaves a clinic that has a separate corporate limit, will that entity still be covered for that doctor’s actions?
- Is a covered entity liable for, or required to monitor, the actions of its business associates?
