§17931. Application of security provisions and penalties to business associates of covered entities; annual guidance on security provisions
(a) Application of security provisions
Sections 164.308, 164.310, 164.312, and 164.316 of title 45, Code of Federal Regulations, shall apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity. The additional requirements of this title 1 that relate to security and that are made applicable with respect to covered entities shall also be applicable to such a business associate and shall be incorporated into the business associate agreement between the business associate and the covered entity.
(b) Application of civil and criminal penalties
In the case of a business associate that violates any security provision specified in subsection (a), sections 1320d–5 and 1320d–6 of this title shall apply to the business associate with respect to such violation in the same manner such sections apply to a covered entity that violates such security provision.
(c) Annual guidance
For the first year beginning after February 17, 2009, and annually thereafter, the Secretary of Health and Human Services shall, after consultation with stakeholders, annually issue guidance on the most effective and appropriate technical safeguards for use in carrying out the sections referred to in subsection (a) and the security standards in subpart C of part 164 of title 45, Code of Federal Regulations, including the use of standards developed under section 300jj–12(b)(2)(B)(vi) 1 of this title, as added by section 13101 of this Act, as such provisions are in effect as of the date before February 17, 2009.
(
Editorial Notes
References in Text
This title, referred to in subsec. (a), is title XIII of div. A of
Section 300jj–12(b)(2)(B)(vi) of this title, referred to in subsec. (c), was repealed by
Section 13101 of this Act, referred to in subsec. (c), means section 13101 of div. A of
Statutory Notes and Related Subsidiaries
Effective Date