HIPAA and the HITECH Act overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations issued under HIPAA are a set of U.S. healthcare laws that establish requirements for the use, disclosure, and safeguarding of individually identifiable health information. The scope of HIPAA was extended with the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009.

HIPAA applies to covered entities (specifically, health care providers, health plans, and health care clearinghouses) that create, receive, maintain, transmit, or access patients' protected health information (PHI). HIPAA further applies to business associates of covered entities that perform certain functions or activities involving PHI as part of providing services to the covered entity or on behalf of the covered entity. When a covered entity engages the services of a cloud service provider, such as Microsoft, the cloud service provider would be a business associate under HIPAA. Moreover, when a business associate subcontracts with a cloud service provider to create, receive, maintain, or transmit PHI, the cloud service provider also becomes a business associate.

HIPAA regulations require that covered entities (defined under the Rules) enter into agreements with business associates to ensure that PHI is adequately protected. This agreement is called a Business Associate Agreement. Among other things, a Business Associate Agreement establishes the permitted and required uses and disclosures of PHI by the business associate, based on the relationship between the parties and the activities or services being performed by the business associate.

To support our customers' compliance with HIPAA when utilizing Microsoft enterprise products and services, Microsoft will enter into Business Associate Agreements with its covered entity and business associate customers.

There is currently no certification standard that is approved by the Department of Health and Human Services to demonstrate compliance with HIPAA or the HITECH Act by a business associate.