There has been a lot of talk in the media and even Congressional hearings on whether or not the source code powering the Obamacare federal website violates HIPAA privacy protections on medical records and personal health information.
But this chatter yet again fails to help small business owners understand some very important changes in how HIPAA now affects them. Don’t be mistaken—HIPAA doesn’t just apply to doctors’ offices and insurance companies. If you are a contractor or subcontractor doing business with health care entities, you could be directly liable for privacy and security violations.
Liability now extends to ‘business associates’ that create, receive, maintain or transmit protected health information (PHI) on behalf of business associates. That means everyone from attorneys to IT consultants can be fined anywhere from $100 up to $50,000 per violation. The Albany Business Review warns, “The federal government is expanding audits, seeking to get to the point where fines levied will pay for enforcement.”