HIPAA Compliance Plan
« Previous PageHITECH Act Table of ContentsNext Page »

Download a FREE copy of the HIPAA Survival Guide 4th Edition.

Sec. 13408. Business Associate Contracts Required for Certain Entities.

Each organization, with respect to a covered entity, that provides data transmission of protected health information to such entity (or its business associate) and that requires access on a routine basis to such protected health information, such as a Health Information Exchange Organization, Regional Health Information Organization, E prescribing Gateway, or each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record, is required to enter into a written contract (or other written arrangement) described in section 164.502(e)(2) of title 45, Code of Federal Regulations and a written contract (or other arrangement) described in section 164.308(b) of such title, with such entity and shall be treated as a business associate of the covered entity for purposes of the provisions of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this title.

Make sure you are Omnibus Rule Compliant: HIPAA Privacy Checklist.

« Previous PageHITECH Act Table of ContentsNext Page »