HIPAA Blog Posts: HIPAA Business Associates
If you want to qualify for "meaningful use" you have to be compliant with HIPAA HITECH, specifically you must do a risk analysis under 45 CFR 164.308(a)(1) (HIPAA Security Rule).
A Law Firm headlined "HHS Announces Delay in Enforcement of HITECH Rules as Applied to Business Associates" but in their last sentence said that BAs should implement security requirements anyway.
Compliance is an ongoing process requiring a commitment to making policies and procedures the business rules by which you run your company.
Just putting a business associate agreement in place is not enough to protect your PHI or your business.
The first reported breach of HIPAA HITECH by an insurance broker has occured.
While covered entities are focused on their own HITECH compliance their business associates are their "Blind Side".
ACR2 Solutions performs risk analysis and when they discover enities needing policies and procedures they recommend the service developed by Compliance Helper and Rebecca Herold.
Protected Health Information (PHI) is probably hiding on your copier without any protection.
The organizations affected by HIPAA and the HITECH Act are working their way through the five stages of grief; denial, anger, bargaining, depression, and finally, acceptance.