Related Links
Suggested Content
- North Carolina alliance sets rules for managing data on mobile devices
- WEDI, NCHICA release regulatory timeline database
- HHS pushes for top-value care
- N.C. alliance offers help with ARRA
- Researchers seek review
- Nurses key to healthcare IT advancement, state consortium says
- North Carolina healthcare IT leaders meet at annual conference
- Leavitt pushes value-driven healthcare, urges progress in N.C.
- Premier, Verisk Health offer hospitals data for care improvement
Related Resources
- Care Episodes & Bundled Payment: Building and Automating Your Strategy
- 2012 is Coming: Prepare Your Compliance Processes for the Physician Payments Sunshine Act
- Improving Care Coordination with Online Services
- The Future of Wireless in Healthcare: Powering the Applications for 21st Century Care
- Executing Best Practices for EMR Implementation
RESEARCH TRIANGLE PARK, NC – Leaders at the North Carolina Healthcare Information and Communications Alliance, Inc. (NCHICA) announced Tuesday they have published a free business associate agreement to help providers comply with the American Recovery and Reinvestment Act of 2009 (ARRA).
ARRA makes significant changes to the Health Insurance Portability and Accountability Act (HIPAA), requiring providers to establish new arrangements with their business associates.
Business associates, including software vendors, health information exchanges and regional health information organizations are now required to be in direct compliance with the HIPAA Security Rule and HIPAA Privacy provisions.
Covered entities must notify individuals of any breaches in the use and disclosure of unsecured (or unencrypted) protected health information, and business associates are required to notify their covered entities of any breaches.
In addition, breaches that impact 500 or more patients must be reported to the media and to the Secretary of Health and Human Services and will be posted on the HHS website.
Under ARRA, civil monetary penalties for violations have increased, with a maximum penalty of $1.5 million. The breach notification requirements became effective on Sept. 23, 2009, and other requirements become effective on Feb. 17, 2010.
NCHICA leaders said its new business associate agreement was developed by attorneys from NCHICA's legal workgroup and can be easily downloaded and adapted from the organization's website.
NCHICA is also offering materials to help covered entities in communicating with their business associates. These include:
- a notice to covered entities under HIPAA regarding new requirements under the ARRA HITECH Act;
- a template for business associate alert and new breach notification requirements;
- and a summary of selected ARRA and HITECH Act provisions related to business associates.
NCHICA is a nationally recognized nonprofit consortium dedicated to improving health and care in North Carolina by accelerating the adoption of information technology and enabling policies. Members include leading organizations in healthcare, research and information technology.
