As a result of ARRA, business associates must comply with the HIPAA privacy and security rules that were modified under the law. Business associates also will be subject to the same penalties as covered entities, such as hospitals and physician groups, for privacy and security violations.

Business associates are organizations that provide a service for a covered entity and use protected patient information to provide that service, Thomason said. Business associates now must notify providers when a data security breach involving patient data occurs, she notes.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access