The American Recovery and Reinvestment Act (ARRA) contains surprising modifications to the Health Insurance Portability and Accountability Act's (HIPAA) Privacy and Security Rules. The changes are significant to all covered entities, but are most challenging for business associates, who now face a host of new requirements. Here are some of the highlights.
Security Rules apply directly to business associates. For the first time, business associates must comply directly with many of HIPAA's Security Rules. This will require every business associate to take several actions, including appointing a security official, developing written policies and procedures, and training its workforce on how to protect electronic protected health information (EPHI). These provisions go well beyond the previous requirements, under which business associates only had to comply with the written business associate agr...