If business associates (BAs) think that HIPAA compliance doesn’t apply to them, they have another thing coming, suggests new federal guidance. The HHS Office for Civil Rights (OCR) warns that covered entities aren’t the only ones who need to step up their HIPAA compliance. As more and more privacy and security issues arise, BAs also need to take ownership of their piece of the HIPAA violation puzzle. To double down on BAs’ role in care delivery and compliance, the OCR uploaded a new fact sheet to its online resources, outlining exactly what BAs are directly liable for. “As part of the Department’s effort to fully protect patients’ health information and their rights under HIPAA, OCR has issued this important new fact sheet clearly explaining a business associate’s liability,” explains Roger Severino, OCR director, in an announcement on the new fact sheet. “We want to make it as easy as possible for regulated entities to understand, and comply with, their obligations under the law.” See the OCR fact sheet at www.hhs.gov/about/news/2019/05/24/new-hhs-fact-sheet-on-direct-liability-of-business-associates-under-hipaa.html.