Thursday, October 8, 2009

Hospitals Need to Reach Out to Business Associates

The deadline for updating the Business Associate Agreement is approaching. Likely a good thing to do all around.
Hospitals and other provider organizations should be working with their business associates now to prepare for compliance with updated federal data privacy and security provisions under the American Reinvestment and Recovery Act. That’s the advice of May Thomason, senior compliance consultant at Intermountain Healthcare, a Salt Lake City-based delivery system.
As a result of ARRA, business associates must comply with the HIPAA privacy and security rules that were modified under the law. Business associates also will be subject to the same penalties as covered entities, such as hospitals and physician groups, for privacy and security violations. More