Brand Damages More than Legal Damages in HIPAA Violation

I was recently discussing with someone the possible legal damages of a HIPAA violation by a healthcare organizations business associate. We all know that thanks to HIPAA omnibus, the business associate will now be held liable for any HIPAA breaches or violations that occur. One question I haven’t seen addressed was whether the covered healthcare organization entity would be held responsible for the business associates breaches or violations. Before, the healthcare organization would be the only one with consequences. Are the consequences for the healthcare organization still the same if a business associate has a HIPAA breach?

I think the answer probably depends on the business associate agreement. Although, maybe you can’t shield yourself of liability from business associates negligence just with a well done business associate agreement. Hopefully some of me healthcare lawyer readers can shed light on this subject.

One thing I am sure of is that the legal damages pale in comparison to the damages to a brand when a HIPAA violation occurs even when the violation is completely the responsibility of the business associate. Healthcare organizations are still going to be held responsible for the violation. No doubt we’ll hear the phrase, “the healthcare organization should have properly vetted and checked that their business associates were following HIPAA.”

While we can all agree that many healthcare organizations aren’t as diligent as they should be with business associates, should the healthcare organization have to babysit all of their business associates?

Like most things in life, there has to be a balance. You can’t play big brother with all of your business associates. You’ll drive your business associates crazy and waste a lot of resources in the process. However, I think we can look to HIPAA for the guidelines. Every healthcare organization should have a well thought out understanding and process for how they decide who they work with as business associates.

The reality is that regardless of who takes on the legal consequences of a HIPAA violation, the healthcare organization is the one that has to worry most about the damage to their brand.

About the author

John Lynn

John Lynn is the Founder of HealthcareScene.com, a network of leading Healthcare IT resources. The flagship blog, Healthcare IT Today, contains over 13,000 articles with over half of the articles written by John. These EMR and Healthcare IT related articles have been viewed over 20 million times.

John manages Healthcare IT Central, the leading career Health IT job board. He also organizes the first of its kind conference and community focused on healthcare marketing, Healthcare and IT Marketing Conference, and a healthcare IT conference, EXPO.health, focused on practical healthcare IT innovation. John is an advisor to multiple healthcare IT companies. John is highly involved in social media, and in addition to his blogs can be found on Twitter: @techguy.

1 Comment

Click here to post a comment
   

Categories