Leaders at the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) announced Tuesday they have published a free business associate agreement to help providers comply with the American Recovery and Reinvestment Act of 2009 (ARRA).
ARRA makes significant changes to the Health Insurance Portability and Accountability Act (HIPAA), requiring providers to establish new arrangements with their business associates.
Business associates, including software vendors, health information exchanges and regional health information organizations are now required to be in direct compliance with the HIPAA Security Rule and HIPAA Privacy provisions.
Covered entities must notify individuals of any breaches in the use and disclosure of unsecured (or unencrypted) protected health information, and business associates are required to notify their covered entities of any breaches.
In addition, breaches that impact 500 or more patients must be reported to the media and to the Secretary of Health and Human Services and will be posted on the HHS Web site.
