Do Business Associates need to comply with HIPAA?

Business Associates are directly liable under HIPAA and must implement appropriate safeguards, conduct Security Risk Analyses when applicable, and report breaches. They are independently subject to enforcement actions.