- § 17931. Application of security provisions and penalties to business associates of covered entities; annual guidance on security provisions
- § 17932. Notification in the case of breach
- § 17933. Education on health information privacy
- § 17934. Application of privacy provisions and penalties to business associates of covered entities
- § 17935. Restrictions on certain disclosures and sales of health information; accounting of certain protected health information disclosures; access to certain information in electronic format
- § 17936. Conditions on certain contacts as part of health care operations
- § 17937. Temporary breach notification requirement for vendors of personal health records and other non-HIPAA covered entities
- § 17938. Business associate contracts required for certain entities
- § 17939. Improved enforcement
- § 17940. Audits
- § 17941. Recognition of security practices
Each organization, with respect to a covered entity, that provides data transmission of protected health information to such entity (or its business associate) and that requires access on a routine basis to such protected health information, such as a Health Information Exchange Organization, Regional Health Information Organization, E-prescribing Gateway, or each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record, is required to enter into a written contract (or other written arrangement) described in section 164.502(e)(2) of title 45, Code of Federal Regulations and a written contract (or other arrangement) described in section 164.308(b) of such title, with such entity and shall be treated as a business associate of the covered entity for purposes of the provisions of this subchapter and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of February 17, 2009.
The Secretary shall provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subchapter and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of February 17, 2009, comply with such requirements.