Skip to Content

A Summary of the Proposed HIPAA Regulations Implementing HITECH
Organizational Safeguards

Organizational Safeguards


Similar to the Privacy Rule, a business associate contract is required between a covered entity and a business associate before e-PHI is released.99  If a covered entity knows of an activity or practice of the business associate that constitutes a material breach or violation of the contract, the covered entity must take reasonable steps to cure the breach or end the violation.  If the business associate also maintains e-PHI for the covered entity, then the contract should be reviewed and amended to comply with the Security Rule requirements as well.



  • 99. Id. at § 164.314.