Contained within the American Recovery and Reinvestment Act (ARRA) are provisions that modify the Health Insurance Portability and Accountability Act's (HIPAA) Privacy and Security Rules. The changes are significant to all covered entities, but are most challenging for business associates, who now face a host of new requirements. In a recent AHI web conference, attorney John Barlament of Michael Best & Friedrich LLP (Milwaukee, WI) examined how ARRA has altered HIPAA's Security and Privacy Rules.
Security Rules Now Apply Directly To Business Associates
Prior to ARRA, HIPAA's Security Rules only directly applied to covered entities. The term "covered entities," said Barlament, is "fairly narrowly defined." Since business associates did not fall under that definition, they were only indirectly required to follow the Security Rule thorough business associate agreements with covered entities.
"ARRA now directly ...(register to read more)