Under HITECH, a business associate has the same responsibilities for breaches as the healthcare entity does, but it is the healthcare organization’s responsibility to have an updated, signed business associate agreement in place that describes and addresses this new responsibility. So if you haven’t done so, you’ll need to revise your business associate agreement and get it re-executed with all related parties working your physician practice. If you need an example of a revised business associate agreement, follow this link and look under “publications.”
http://www.nchica.org/HIT_HIE/ARRA.htm
