HIPAA Changes in the HITECH Act of 2009: Business Associate Contracts Required for Certain Entities

House bill Sec. 4408
Senate bill Sec. 13408
Conference
agreement Sec. 13408

This text is from the Conference Committee Report

Current Law

A covered entity (a provider, health plan, of
clearinghouse) is permitted to disclose health information to
a business associate or to allow a business associate to
create or receive health information on its behalf, provided
the covered entity receives satisfactory assurance in the
form of a written contract that the business associate will
appropriately safeguard the information. Current law does not
explicitly include or exclude regional health information
exchanges, regional health information organizations, and
others offering personal health records for a covered entity
from regulation under the Privacy Rule promulgated under
HIPAA.

House Bill

The House bill requires organizations that contract with
covered entities for the purpose of exchanging electronic
health information, for example, Health Information
Exchanges, Regional Health Information Organizations (RHIOs),
and PHR vendors that offer their products through or for a
provider or health plan, to have business associate contracts
with those providers or health plans.

Senate Bill

Same provision.

Conference Agreement

Same provision.

 

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.