HITECH Requires Revised Business Associate Agreement

Medical practices often work with associates that are not covered by HIPAA and perform services for the practice that are not related to treatment but still require protected health information (PHI).  

In these cases, practices need to establish a business associate agreement, which has changed under the Health Information Technology for Economic and Clinical Health Act (HITECH).  

Under the revised agreement, business associates are now directly subject to HIPAA privacy and security rules, rather than the practice being held responsible for compliance.

Like medical practices, business associates are also required to disclose a breach of unsecured PHI. They are now subject to sanctions for violating the business associate agreement as well.

Get a sample business associate agreement for use in your office. Get more tools on complying with privacy requirements and handling a security breach.

Last Updated: 6/15/2010