WHEN ARRA EXTENDED sections of the T-IIPAA privacy and security rules to cover business associates (BAs), it created a seismic shift in their contractual relationships with covered entities (CEs). Further, the changes became effective simultaneous with other ARRA amendments that require CEs and BAs to notify customers of breaches of their protected health information (PHI). Together the changes encourage BAs and CEs to jointly revisit their communication and work processes to meet the new regulations.
展开▼