Indiana Security & Privacy Network

OCR has released a new FAQ addressing whether a business associate of a HIPAA covered entity may block or terminate access by the covered entity to the protected health information maintained by the business associate for or on behalf of the covered entity, clarifying that business associates may not use such information in a manner or to accomplish a purpose or a result that would violate the HIPAA Rules.

You may find the new FAQ on OCR’s website at:  http://www.hhs.gov/hipaa/for-professionals/faq/2074/may-a-business-associate-of-a-hipaa-covered-entity-block-or-terminate-access/index.html

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us at http://www.hhs.gov/hipaa/index.html