• E-mail
• Print
• RSS

HIPAA and business associates: Free white paper

HIPAA Weekly Advisor, July 13, 2009

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

The lax compliance with the HIPAA Privacy and Security Rules is over for business associates (BA).

For the first time since HIPAA became law in 2003, BAs are directly responsible for compliance with its Privacy and Security Rules, pursuant to the new Health Information Technology for Economic and Clinical Health (HITECH) Act. BAs are organizations that provide some service for or on behalf of a healthcare provider or payer, and that service involves access to PHI.

Until President Obama signed the American Recovery and Reinvestment Act of 2009 (ARRA) into law February 17, only covered entities were required to comply with the Privacy and Security Rules.

However, HITECH, specifically Title XIII of ARRA, requires BA to comply with the Security Rule in its entirety and the disclosure provisions of the Privacy Rule. The compliance date is February 18, 2010.

“I’ve done over 150 business associate security and privacy program reviews, and one of the most common answers I get from business associates is that, ‘Well, HIPAA does not apply to us,’” says Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI. Herold serves as privacy, security, and compliance consultant at Rebecca Herold & Associates, LLC, in Des Moines, IA. “They can’t say that anymore. They can no longer argue that they don’t have to have safeguards in place.”

Editor’s note: This was an excerpt from the HCPro, Inc. white paper, Business Associates and HIPAA: What BAs need to know to comply with HIPAA privacy and security rules.

Download a free copy of the white paper.

Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!

• E-mail to a Colleague
• Print
• RSS
• Archive