Although the new rules are not final, under the provisions of the HITECH Act business associates are directly responsible for HIPAA security and privacy compliance, rather than falling under the responsibility of the covered entity. When a covered entity enters into a business associate agreement, the entity must get assurances from the business associate regarding its ability and actual intention to safeguard protected health information in a manner that complies with HIPAA. The administrative rules adopted for the HIPAA security rule and privacy rule mandate the use of formal business associate agreements that spell out the obligations and document the business associate's attestation that it complies with the law. There is no statutory requirement dictating how covered entities reach the level of confidence they need to enter into business associate agreements. It is up to the covered entity to either take the business associate at its word, or to conduct some form of due diligence (investigate the BA's history of complaints or violations, check its reputation, do a site visit, etc.) to give the entity confidence the BA can and will do what it says it will.
Last Wiki Answer Submitted: February 14, 2012 7:22 pm by SteveGonHIT250 pts.