top of page

Business Associate Impacts

Are you performing functions for or on behalf for the Health Care Industry?  Depending on the services you provide you could be responsible for complying with the Health Information Portability and Accountability Act of 1996, amendments made by the American Recovery and Reinvestment Act of 2009 and the modifications to Privacy and Security made January 25, 2013 with the Omnibus Rule.


If servicing the health care industry is important to the financial success of your business, call Caris, we can help you be a better Business Associate! (920) 639-6615.

Am I A Business Associate?

Do you access, create, store, modify, transmit or receive protected health information on behalf of your clients?  Chances are if you are accessing or using protected health information to perform these functions you are a buisness associate to your clients.


Do you support others who may be a buisness associate? If so, you would be a subcontractor also responsible for complying with the rules.

Caris can help you determine the compliance responsibilities for your organization. 920-639-6615

HIPAA Impacts to Business Associates


Do you have an updated Business Associate Agreement in place with your Covered Entity clients?  Written satisfactory assurances are required under the rule between a Covered Entity and Business Associate or Business Associate and their subcontractors.


Caris can help you to identify the agreements that are necessary, update the language and manage the revisions with your covered entities or your subcontractors.

ARRA Additional Requirements for Business Associates 2009
Omnibus Rule Final Modifications and Improvements to Privacy and Security Affecting Business Associates 2013

The American Recovery and Reinvestment Act (ARRA) of 2009 requires Business Associates to comply with Security rules for Administrative, Physical, Technical Safeguards and Organizational requirements under that rule.  In addition, Business Associates would now be accountable for the Civil Monetary Penalities that could be applied for non-compliance.


Caris can assist you wih the appropriate Security Risk Analysis to determine your risks, threats or vulnerabilities for the activities you are performing as well as risk of Penalties for non-complaince. (920) 639-6615

The Final Omnibus rule solidified the changes and amendments of the ARRA requiring all Business Associates to comply with Security as well as many components of Privacy.  Civil and criminal penalties can still be applied to the Business Associate and written satisfactory assurances or the Business Associate Agreements were required between the Covered Entity and Business Associate and the Business Associate and their subcontractors to ensure compliance downstream.


Caris can assist you with building and implementing an appropriate compliance plan to manage your risks, integrate the necessary changes and modifications into your daily pracitces and provide you with compliance expertise as your Privacy Official. (920) 639-6615



Want to be a better Business Associate? Call Caris we can help (920) 639-6615

bottom of page