Oregon
Rule Rule 125-055-0100
Purpose — HIPAA Privacy and Security Rule Implementation; HITECH Act Implementation.


(1)

The purpose of these rules is to set forth the requirements that a contractor who is a Business Associate of an Agency must abide by in order to comply with the Business Associate provisions of HIPAA and the implementing Privacy Rule and Security Rule and of the HITECH Act. The Privacy Rule and Security Rule, as amended by the HITECH Act, require an Agency, to obtain certain written assurances from a Business Associate, that the Business Associate will comply with the Business Associate requirements set forth in 45 CFR 164.502(e) and 164.504(e). The Privacy Rule requires that a Covered Entity obtain certain written assurances before the Business Associate may create, receive, maintain or transmit Protected Health Information. The requirements contained in this Rule apply both to Contracts for trade services and personal services, as defined in OAR 125-246-0110.

(2)

This Rule will be interpreted as broadly as necessary to implement and comply with HIPAA, the Privacy Rule and the Security Rule, and the HITECH Act. Any ambiguity in this Rule shall be resolved in favor of a meaning that complies and is consistent with HIPAA, the Privacy Rule and the Security Rule, and the HITECH Act.
Source
Last accessed
Oct. 16, 2019