Leaders at the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) announced Tuesday they have published a free business associate agreement to help providers comply with the American Recovery and Reinvestment Act of 2009 (ARRA).
ARRA makes significant changes to the Health Insurance Portability and Accountability Act (HIPAA), requiring providers to establish new arrangements with their business associates.
Business associates, including software vendors, health information exchanges and regional health information organizations are now required to be in direct compliance with the HIPAA Security Rule and HIPAA Privacy provisions.
Covered entities must notify individuals of any breaches in the use and disclosure of unsecured (or unencrypted) protected health information, and business associates are required to notify their covered entities of any breaches.
In addition, breaches that impact 500 or more patients must be reported to the media and to the Secretary of Health and Human Services and will be posted on the HHS website.
Under ARRA, civil monetary penalties for violations have increased, with a maximum penalty of $1.5 million. The breach notification requirements became effective on Sept. 23, 2009, and other requirements become effective on Feb. 17, 2010.
NCHICA leaders said its new business associate agreement was developed by attorneys from NCHICA's legal workgroup and can be easily downloaded and adapted from the organization's website.
NCHICA is also offering materials to help covered entities in communicating with their business associates. These include:
- a notice to covered entities under HIPAA regarding new requirements under the ARRA HITECH Act;
- a template for business associate alert and new breach notification requirements;
- and a summary of selected ARRA and HITECH Act provisions related to business associates.
NCHICA is a nationally recognized nonprofit consortium dedicated to improving health and care in North Carolina by accelerating the adoption of information technology and enabling policies. Members include leading organizations in healthcare, research and information technology.
