As reported in a previous client advisory, Title XIII of the American Reinvestment and Recovery Act of 2009, entitled the Health Information Technology for Economic and Clinical Health (HITECH) Act, makes “business associates” directly responsible for complying with certain provisions of the HIPAA privacy rule and all of the HIPAA security rules. Although these rules were slated to take effect in February 2010, the U.S. Department of Health and Human Services (HHS) has not yet issued rules on this particular requirement.
Please see full publication below for more information.