HITECH act and business associates

[brianwgray at gmail.com (Brian Gray)]

The following was brought to my attention and I hadn't noticed much on the
subject within the mailing list so I thought I'd share. I personally view
many of the changes as a positive step. One of the more interesting points
to me is the following snippet.

"Stimulus package dramatically alters HIPAA privacy and security"

*Other Provisions Impacting Business Associates*
Currently, business associates are not governed by HIPAA, but rather are
only contractually restricted in their use and disclosure of PHI pursuant to
their business associate agreements. As noted above, this will change
because the HITECH Act applies certain HIPAA provisions to business
associates. For example, business associates will have to comply with the
administrative, physical, and technical safeguards under the HIPAA Security
Rule, among other requirements. Business associates will have to report
security breaches subject to the notification requirements to covered
entities and provide certain information in such reports. Further, business
associates will be subject to civil and criminal penalties under HIPAA. The
HITECH Act also specifies that business associates can be subject to civil
and criminal penalties if they fail to take action upon becoming aware of
covered entity activities that do not comply with HIPAA.


http://wistechnology.com/articles/5558/

-- 
-Brian W. Gray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090226/432cede3/attachment.htm