Will the Feds Delay HITECH Business Associate Provisions?
As of February 17, BAs must be in compliance with the security rule and parts of the privacy rule. And they must be entered into contract with covered entities.
"There's no delay on what the actual statute [HITECH] says," Drummond says. "So the statute is effective, and everyone is responsible for being in compliance. … Everyone should be aware that they are currently legally obligated to be in compliance with HITECH today, and there may be other enforcers (state AGs)."
So don't delay compliance, says William Miaoulis, CISA, CISM, HIPAA lead consultant for Phoenix Health Systems.
However, Miaoulis, too, feels enforcement is "a ways off, not only for covered entities but also BAs. … I don't think [OCR] is ready, and they know they were supposed to give guidance."
Dom Nicastro is a contributing writer. He edits the Medical Records Briefings newsletter and manages the HIPAA Update Blog.
- CFO Exchange: Smartphones Poised to Disrupt Healthcare, Says Topol
- How Digital Strategy Shapes Patient Engagement at Boston Children's Hospital
- Half of All Primary Care, Internal Medicine Jobs Unfilled in 2013
- CNO on Hospital Redesign: 'You Can't Over-Communicate'
- Carondelet to Pay $35M to Settle Fraud Allegations
- Consumerism Drives Healthcare Branding, Rebranding Efforts
- Some Cancer Hospitals' Quality Data Will Soon Be Public
- PA Ranks See 'Phenomenal Growth,' Lack of Diversity
- 3 Traits Personality Assessments Can't Reveal
- CA Powers Up $80M HIE to 'Create Value in the Data'