HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos



HIPAA Q&A: BA contracts

Email This Post Print This Post

Q. What additional language do BA contracts need to satisfy requirements of the HITECH Act, which is part of the American Recovery and Reinvestment Act?

A. BA contracts require amendments that address the following:

  • New breach notification requirements as they pertain to BAs and their third-party contractors
  • The responsibility of BAs that store patient or health plan member PHI electronically to provide PHI electronically to covered entities, patients, and health plan members who request electronic copies (depending on how covered entities intend to comply with this new requirement)
  • Statutory requirement that BAs comply with the HIPAA security rule and the privacy rule’s use and disclosure provisions

Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, OR, answered this question. Apgar has more than 17 years of experience in information technology and specializes in security compliance, assessments, training, and strategic planning. He is a board member of the Workgroup for Electronic Data Interchange and chair of the Oregon and Southwest Washington Healthcare, Privacy, and Security Forum.

Categories : HIPAA Q&A

Leave a Reply