PaulDotCom mailing list archives
HITECH act and business associates
From: brianwgray at gmail.com (Brian Gray)
Date: Thu, 26 Feb 2009 10:39:58 -0500
The following was brought to my attention and I hadn't noticed much on the subject within the mailing list so I thought I'd share. I personally view many of the changes as a positive step. One of the more interesting points to me is the following snippet. "Stimulus package dramatically alters HIPAA privacy and security" *Other Provisions Impacting Business Associates* Currently, business associates are not governed by HIPAA, but rather are only contractually restricted in their use and disclosure of PHI pursuant to their business associate agreements. As noted above, this will change because the HITECH Act applies certain HIPAA provisions to business associates. For example, business associates will have to comply with the administrative, physical, and technical safeguards under the HIPAA Security Rule, among other requirements. Business associates will have to report security breaches subject to the notification requirements to covered entities and provide certain information in such reports. Further, business associates will be subject to civil and criminal penalties under HIPAA. The HITECH Act also specifies that business associates can be subject to civil and criminal penalties if they fail to take action upon becoming aware of covered entity activities that do not comply with HIPAA. http://wistechnology.com/articles/5558/ -- -Brian W. Gray -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090226/432cede3/attachment.htm
Current thread:
- HITECH act and business associates Brian Gray (Feb 26)