Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: 1rudeboy
Here you go, for starters:

http://privacy.med.miami.edu/glossary/xd_business_associate.htm

DHHS has taken the position that covered entities are not liable for the privacy violations of business associates. However, if a covered entity becomes aware of a pattern of activity or practice by a business associate that constitutes a material breach, it must:

take reasonable steps to remedy the situation;

if such steps are not successful, terminate the contract or arrangement;

or if termination is not feasible, report the problem to DHHS.

Notwithstanding these provisions, failure to execute a business associate contract with "satisfactory assurances," or to take these corrective actions when the assurances are not met, could result in liability.
23 posted on 03/20/2004 5:42:09 AM PST by angkor
[ Post Reply | Private Reply | To 19 | View Replies ]

To: angkor
Thanks. I didn't think it would jibe with your ". . . whenever customer data goes offshore, it's by statute no longer subject to the privacy and security laws of the United States, e.g., HIPAA regs no longer apply."
25 posted on 03/20/2004 5:51:35 AM PST by 1rudeboy
[ Post Reply | Private Reply | To 23 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson