Post-Breach Break-Ups: Is it Time to End a Business Associate Relationship?
On-demand Originally aired February 17, 2026
January 21, 2026 at 1:00 pm (EDT)
Webinar Information
This webinar is Part 3 of 4 in the “I Heart HIPAA” webinar series.
Overview
Learning Objectives
Audience
Instructor
Format
Post-Breach Break-Ups: Is it Time to End a Business Associate Relationship?
Whether it’s a vendor engaged by your electronic medical record (EMR) provider, a pharmacy third-party administrator (TPA), or a local consultant providing coding support, business associates frequently report breaches to covered entities. Some reports include tight timelines requiring the business associate to make breach notifications on behalf of the covered entity. Others arrive with limited information or incomplete data, complicating the covered entity’s ability to meet its notification obligations.
Once the breach notification process concludes, covered entities are often left with difficult questions: Should the relationship continue? What steps can be taken to reduce future risk and better protect the organization?
This webinar
will focus on the covered entity and business associate relationship, describing
the breach reporting requirements, identifying key business associate agreement
provisions, and evaluating when it is time to find a new business associate.
CMOs
COOs
Compliance Officers
Risk Managers
Clinical Leadership
HIPAA Privacy Officers
HIPAA Security Officers
This webinar will:
Identify the breach notification requirements for covered entities and their business associates under the HIPAA Breach Notification Rule
Provide a practical framework for evaluating a business associate’s breach response and determining whether to continue the relationship
Describe contractual provisions health centers can incorporate into business associate agreements (BAAs) to mitigate financial and legal risk following a business associate breach
Dianne Pledgie
Principal
Dianne advises health care and non-profit organizations on the development and implementation of robust compliance programs.
Dianne also provides legal guidance on privacy, security and confidentiality matters, with particular focus on Health Insurance Portability and Accountability Act (HIPAA), 42 C.F.R. Part 2 and the Information Blocking Rule, including:
Advising clients on their obligations to protect patient records, respond to patient requests, and develop policies and procedures;
Reviewing business associate agreements, data use agreements, and patient consents related to the use and disclosure of protected health information and sensitive information; and
