The purpose of this fact sheet is to provide a clear compilation of all provisions through which a Business Associate can be held directly liable for compliance with certain requirements of the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (“HIPAA Rules”), in accordance with the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009.
Sections include:
- Direct Liability of Business Associates
- Covered Entities and Business Associates
- Who are Covered Entities
