Changes to the HIPAA Privacy Rule:
Background: The HIPAA Privacy Rule governs the use and disclosure of Protected Health Information (“PHI”). Prior to the HITECH Act, the Privacy Rule only applied to Covered Entities (i.e., covered health care providers, health plans, and health care clearinghouses). Covered Entities could engage Business Associates to provide services to the Covered Entities involving the use or disclosure of PHI as long as the Covered Entity and the Business Associate entered into an appropriate Business Associate Agreement. Business Associates were contractually liable for compliance with the Business Associate Agreement but were not directly liable for HIPAA compliance. However, the HITECH Act provided that, as of February 17, 2010, Business Associates were also directly subject to many provisions of the Privacy Rule.
Please see full publication below for more information.