HIPAA Business Associates: How the regulations are changing, and what you need to do right now


Instructor: Jim Sheldon-Dean
Product ID: 702033

This 90 minute webinar will help you comprehensively understand the HIPAA compliance requirements for Business Associates and their contractors. It will cover what goes into a compliance plan, how to develop it and prepare for a HIPAA audit.
Last Recorded Date: Jul-2011


1 Person Unlimited viewing for 6 month info Recorded Link and Ref. material will be available in My CO Section
(For multiple locations contact Customer Care)

Downloadable file is for usage in one location only. info Downloadable link along with the materials will be emailed within 2 business days
(For multiple locations contact Customer Care)



Customer Care

Fax: +1-650-362-2367

Email: [email protected]

Read Frequently Asked Questions

Why Should You Attend:

The new HIPAA Business Associate rules change the game for HIPAA compliance responsibility. Now BAs will need to be in compliance with HIPAA Privacy and Security protections, and must also treat all their contractors as BAs as well, meaning that new agreements must be established between parties that have not formerly been required to have formal agreements, and existing agreements must be amended.

In this webinar, we will discuss how responsibilities have changed and how the changes affect both Business Associates and Covered Entities. We will discuss what goes into a compliant HIPAA Business Associate agreement, including what's required and what's advisable to protect parties in the event of breaches. The new regulatory language for HIPAA business associates (as proposed) will be explained and discussed.

The speaker will cover what goes into a compliance plan, how to develop it and prepare for a HIPAA audit. The new HIPAA penalty structure will be discussed, including new criminal penalties for individuals involved with wrongful disclosures, new mandatory penalties for willful neglect of compliance (starting at $10,000 and going up), and the new, four-tier penalty structure and definitions.

Learning Objectives:

  • Learn about the new requirements for HIPAA Business Associates.
  • Find out what is changing in the regulations for Business Associates.
  • Learn how the definition of BA has been significantly expanded.
  • Learn what goes into a proper Business Associate Agreement.
  • Find out about the new, higher enforcement penalties.
  • Learn about the new violation categories.
  • Learn about being prepared for a HIPAA Compliance Audit.

Areas Covered in the Seminar:

I. Old Ways, New Ways - Changes to the Rules

  • Origins of Changes to Business Associate Rules
  • New Definitions of Business Associates
  • Contractors of Business Associates

II. New Requirements and Changed Requirements for HIPAA Business Associates

  • HITECH Act Required Capabilities
  • Required Amendments to BAAs
  • BAA Provisions to Consider
  • Transitioning to the New Rules

III. Enforcement and Audits

  • New HIPAA Violation Categories
  • New HIPAA Penalty Structure
  • Preparing for HIPAA Audits

Free Handouts:

The CMS 2008 Information Request for Security Compliance Reviews form will be provided as an example of what might be asked in an audit.

Who Will Benefit:

  • Information Security Officers
  • Risk Managers
  • Compliance Officers
  • Privacy Officers
  • Health Information Managers
  • Information Technology Managers
  • Medical Office Managers
  • Chief Financial Officers
  • Systems Managers
  • Legal Counsel, and Operations Directors
  • Medical offices, practice groups, hospitals, academic medical centers insurers, business associates (shredding, data storage, systems vendors, billing services, etc.)

Instructor Profile:

Jim Sheldon-Dean, is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a variety of health care providers, businesses, universities, small and large hospitals, urban and rural mental health and social service agencies, health insurance plans, and health care business associates. He serves on the HIMSS Information Systems Security Workgroup, co-chairs the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and co-chairs the WEDI HIPAA Updates and Privacy and Security Meaningful Use sub-workgroups. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at AHIMA national and regional conventions and WEDI national conferences, and before the New York Metropolitan Chapter of the Healthcare Financial Management Association, Health Information Management Associations of New York City, New York State, Virginia, and Vermont, the Connecticut Hospital Association, and the Hospital and Health System Association of Pennsylvania. Sheldon-Dean has nearly 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master's degree from the Massachusetts Institute of Technology.

Topic Background:

In the past, business associates of HIPAA covered entities were not directly covered under HIPAA and were required to conduct themselves only according to the contract with the covered entity being served. The American Recovery and Reinvestment Act of 2009 (ARRA) establishes new requirements for business associates (BAs) who handle the protected health information of covered entities under HIPAA. In addition, Federal Breach Notification requirements for health information directly impact the relationship of covered entities, business associates, and their subcontractors.

New HIPAA regulations proposed and expected to be finalized by the end of 2011 put HIPAA business associates and their subcontractors directly under the HIPAA rules and make them responsible for the privacy and security of the information they handle, as well as liable for violations under the rules. Now BAs will need to be in compliance with HIPAA Privacy and Security protections, and must also treat all their contractors as BAs as well, meaning that new agreements must be established between parties that have not formerly been required to have formal agreements, and existing agreements must be amended. And the business associate definition now is expanded to include entities such as health information exchanges, regional health information organizations, and e-prescribing gateways.

Under the proposed regulations, specific language must be incorporated in all HIPAA BA agreements, and ARRA requires that business associates can be subject to random compliance audits by the US Department of Health and Human Services. HIPAA breach notification requirements enacted in 2009 also apply to business associates, which means that all existing agreements must be examined to ensure that liability, indemnification, and notification are properly covered in the agreements.

Follow us :



Refund Policy

Our refund policy is governed by individual products and services refund policy mentioned against each of offerings. However in absence of specific refund policy of an offering below refund policy will be effective.
Registrants may cancel up to two working days prior to the course start date and will receive a letter of credit to be used towards a future course up to one year from date of issuance. ComplianceOnline would process/provide refund if the Live Webinar has been cancelled. The attendee could choose between the recorded version of the webinar or refund for any cancelled webinar. Refunds will not be given to participants who do not show up for the webinar. On-Demand Recordings can be requested in exchange. Webinar may be cancelled due to lack of enrolment or unavoidable factors. Registrants will be notified 24hours in advance if a cancellation occurs. Substitutions can happen any time. On-Demand Recording purchases will not be refunded as it is available for immediate streaming. However if you are not able to view the webinar or you have any concern about the content of the webinar please contact us at below email or by call mentioning your feedback for resolution of the matter. We respect feedback/opinions of our customers which enables us to improve our products and services. To contact us please email [email protected] call +1-888-717-2436 (Toll Free).




6201 America Center Drive Suite 240, San Jose, CA 95002, USA

Follow Us

facebook twitter linkedin youtube


Copyright © 2021 ComplianceOnline.com MetricStream
Our Policies: Terms of use | Privacy

PAYMENT METHOD: 100% Secure Transaction

payment method