tag:blogger.com,1999:blog-1572948039764834937.post4998932645173790715..comments2019-01-22T08:18:31.794-08:00Comments on Christiansen's IT Law: Information Law Theory and Practice: Preliminary Thoughts on the HITECH/HIPAA NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under the Health Information Technology for Economic and Clinical Health ActJohn R. Christiansenhttp://www.blogger.com/profile/16592498654125943981noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-1572948039764834937.post-35688931013940210392010-07-09T08:52:59.437-07:002010-07-09T08:52:59.437-07:00Pages 163 and 164 have some interesting comments a...Pages 163 and 164 have some interesting comments about HHS expectations vis a vis business associates and their agreements. They basically say that they assume that BAs are compliant with their agreements and have privacy and security programs in place. They go on further to say "For those business associates that have not already adopted HIPAA-compliant privacy and security standards for PHI, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with privacy and security standards.<br />Are they not saying that if you signed an agreement you must be in compliance now?compliance helperhttps://www.blogger.com/profile/08666610127416726473noreply@blogger.com