Compliance with HIPAA a must for business associates

Briefings on Outpatient Rehab: Reimbursement and Regulations, August 1, 2009

This is an excerpt from a member only article. To read the article in its entirety, please login.

The lax days of complying with privacy and security laws are over for business associates (BAs). For the first time since HIPAA became law in 2003, BAs of covered entities must comply directly with the HIPAA security and privacy rules, according to the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The security rule, which complements the HIPAA privacy rule, includes safeguards for protecting patients’ electronic protected health information (PHI), based on three components:

• Administrative. Organizations must have procedures that show how they will comply with the security rule.
• Physical. Organizations must control how patients’ records are physically accessed and prevent inappropriate access.
• Technical. Organizations must have a system to control computer access and monitor and protect communication that flows electronically over open networks.
