Posted on 05. Mar, 2009 by in Provider News
The government’s stimulus bill,known as the “American Recovery and Reinvestment Act of 2009″ (ARRA), strengthens the HIPAA requirements that practices face, increasing penalties for privacy breaches, and creating restrictions on how you can share protected health information (PHI).
Important: The bill will require your practice’s business associates to implement policies that establish administrative and technical safeguards; those associates could face fines or penalties if they breach the HIPAA rules.
“ARRA does not distinguish among business associates,” says Edward Leeds, Esq. with Ballard,Spahr, Andrews & Ingersoll in Philadelphia. “To the extent that ARRA applies the privacy and security rules to any business associate, it applies them to all business associates,” he says.
The catch: “ARRA does not apply all HIPAA requirements to business associates,” Leeds says.”That would effectively convert them into covered entities, and ARRA does not follow that path.”
In a nutshell, Leeds says, “ARRA does make virtually all of the security requirements contained in the HIPAA regulations applicable to business associates, but is more selective with respect to the application of the privacy rules.”
Bottom line: “The stimulus package rule extends many of the obligations formerly only applicable to covered entities to all business associates,” says Stephen L. Page, Esq. of Waller, Lansden, Dortch & Davis in Nashville.
- Free updates on CPT, ICD-9, HCPCS, Medicare, NCCI edits, and ICD-10.
- Discounts on 3rd party offers