cognitive cybersecurity intelligence

News and Analysis

To BAA or Not to BAA: Must You Have One? | Holland & Hart LLP

HIPAA requires all business associates involved with handling protected health information (PHI) to perform and document a security risk assessment, set up essential safeguards, execute written agreements, and report security incidents. Any entity violating HIPAA can be fined from $127 to over $1.9 million per violation. To avoid penalties, entities may opt not to become a business associate or execute business associate agreements (BAAs). Those which do not create or handle PHI and those performing management functions can decline BAAs.

Source: www.jdsupra.com –

Subscribe to newsletter

Subscribe to HEAL Security Dispatch for the latest healthcare cybersecurity news and analysis.

News and Analysis

To BAA or Not to BAA: Must You Have One? | Holland & Hart LLP

Subscribe to newsletter

More Posts

Browser Extensions Are the New AI Consumption Channel That No One Is Talking About

February 2026 Healthcare Data Breach Report

Beyond wipers: Iran-backed cyber attacks and the threat to businesses

Breach has "been fixed" says CPUID, after CPU-Z or HWMonitor flagged as malware in apparent hack – PC Guide

Products

Solutions

Healthcare cybersecurity

Healthcare Threat Intelligence

Use Cases

News and Analysis

Insights

Company