For HIPAA Business Associates, the Stimulus Is a Game-Changer | [node:field-byline] | Healthcare Blogs Skip to content Skip to navigation

For HIPAA Business Associates, the Stimulus Is a Game-Changer

February 14, 2009
by Reece Hirsch
| Reprints

On Tuesday, when President Obama signs into law The American Recovery and Reinvestment Act of 2009, better known as the federal economic stimulus package, the world is going to change for a wide range of healthcare technology companies. For the many healthcare companies that are "business associates" of HIPAA covered entities, their legal obligations, and potential liabilities, will dramatically expand.

The Stimulus will include a provision requiring all business associates to comply with the HIPAA security regulations in the same manner that covered entities comply. That means that business associates must perform security risk assessments and adopt written policies and procedures that address the HIPAA Security Rule's administrative, physical and technical safeguards standards. Simply signing a business associate agreement that states that you will "reasonably and appropriately protect" protected health information will no longer be sufficient.

In addition, HIPAA's civil and criminal penalties will now apply to business associates in the same way that they apply to covered entities. These new provisions will become effective one year after the effective date of the Stimulus legislation.

There are many more significant changes to HIPAA included in the Stimulus, but I'll save that for future postings ....

The Health IT Summits gather 250+ healthcare leaders in cities across the U.S. to present important new insights, collaborate on ideas, and to have a little fun - Find a Summit Near You!


See more on