The Health and Human Services Office for Civil Rights recently announced a $400,000 settlement with Care New England Health System over the lack of an updated business associate agreement (BAA). This case brings to mind the exposure business valuation experts have to tough rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)—and the penalties for violations are severe. This can happen if you receive protected health information (PHI) when doing a valuation of a healthcare entity.

Expanded law: The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH) significantly expanded the law to impose privacy rules to a healthcare entity’s “business associates,” which can include you as an appraiser, according to Mark Dietrich, editor and contributing author to The BVR/AHLA Guide to Healthcare Industry Finance and Valuation, 4th edition. Dietrich wrote a new chapter in the book devoted to HIPAA and medical records in the context of valuation and litigation. This is a “must-read” chapter for valuation analysts with healthcare clients, and it explains the use of a BAA as part of a strategy to avoid exposure.