HIPAA Rules apply not just to the “covered entity” (Health Care Providers), but to those doing business with such entities, collectively known as “business associates”.  Hence, it is vital that health care providers have a written contract agreement- with  all entities with whom they do business- specifically addressing the required security controls currently in place, or to be implemented to protect the privacy and security of health information.

Leave a Reply