The first federal data breach notification requirements recently became effective. The new requirements, introduced by the HITECH Act that was part of the American Reinvestment and Recovery Act signed into law by President Obama in February 2009, will impact not only “Covered Entities” (namely, health care providers, insurers and clearinghouses) but also “business associates,” generally, those companies that provide services – often, technology providers -- to such covered entities and have access to protected health information, as well as vendors of personal health records (“PHR”).
While covered entities, business associates and PHR vendors each face their own particular compliance challenges, this summary focuses on the compliance strategies for business associates.
While covered entities, business associates and PHR vendors each face their own particular compliance challenges, this summary focuses on the compliance strategies for business associates.
Comments