The HITECH Act within the American Recovery and Reinvestment Act substantially enhanced the HIPAA privacy and security rules. Some of those changes went into force during 2009, with more than a dozen additional regulatory actions or industry guidance documents expected in 2010.

Requirements - and penalties - of the privacy and security rules now apply directly to business associates. These include such entities as IT vendors, banks, billing firms and other service providers, who now must comply with the rules as if they were covered entities. Further, some newer types of organizations - particularly health information exchanges/regional health information organizations, e-prescribing gateways and personal health records vendors - now are considered business associates.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access