Since its inception, the Health Insurance Portability and Accountability Act of 1996, (HIPAA) has required that patient health information (PHI) be kept confidential. HIPAA meets this goal primarily through its privacy rule, security rule and breach notification rule. Covered Entities such as physicians, hospitals and insurers were initially the only entities required to comply with these rules. The increased use of digital media for storage and transmission of PHI led to the passage of the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009. One effect of HITECH was the requirement that business associates of covered entities comply with many of the regulatory requirements that had generally only been applicable to covered entities, fully implemented by 2013.

A business associate is defined by the U.S. Department of Health and Human Services as “a person or organization that conducts business with a covered entity that involves the use or disclosure of individually identifiable health information.” This is a very broad definition. Prior to HITECH, all a business associate needed to do to comply with HIPAA was to have a business associate agreement (BAA) in place with the covered entity that it served, promising to protect PHI. Only the covered entity had to fully comply with HIPAA; however, since the omnibus regulations passed after HITECH became effective in 2013, business associates, including some biotech and life sciences entities, accountants, attorneys, IT professionals, billing companies, management companies, document management services, etc., have all become responsible for meeting a significant compliance burden under HIPAA, almost as if they were covered entities themselves.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]