Question

Which law made business associates directly responsible for compliance with HIPAA's Security Rule? 32 A O Omnibus rules of the HITECH Act. The business associate agreement. CO The Affordable Care Act. DO The "meaningful use" rule. 33 If a business associate suffers a security breach, who is responsible for notifying the affected patients that their information has been leaked or stolen? Since the protected health information belongs to the covered entity and not the business associate, the covered entity must notify the affected patients. A O The business associate that suffered the breach may delegate notification duties to the covered entity whose information was leaked. CO A covered entity may delegate breach notification responsibility to the business associate that suffered the breach. The Office for Civil Rights, part of the U.S. Department of Health and Human Services, must make the notification.

Answer 1

32) The correct option is B)

Any business associate of a HIPAA-covered entity who "maintains and transmits" protected health information on behalf of that covered entity, is subject to many of the same HIPAA rules as the covered entity. In addition, certain subcontractors of business associates are now to be treated as business

As a result of the Final Rule, business associates and subcontractors are required to enter into business associate agreements with each other. Subcontractors will be responsible for HIPAA compliance not only under those contracts but also directly under the HIPAA rules themselves.

Lastly, the Final Rule also changes some of the mandatory terms of business associate contracts and will require covered entities, business associates, and subcontractors to revisit their existing agreements to achieve compliance with the Final Rule's new requirements.

33) The correct option is A) The covered entity must notify the affected patients about the breach of their health information .