The HIPAA Privacy Rule provides federal protections for Personal Health Information (PHI) held by covered entities and gives patients an array of rights with respect to that information. The Privacy Rule is also balanced so that it permits the disclosure of PHI needed for patient care and other important purposes. The HIPAA Security Rule specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic Protected Health Information (ePHI) [1]. The HITECH Act, which is an addition to the overall HIPAA mandates, holds business associates responsible for complying with the HIPAA Privacy Rule and Security Rule. The HITECH Act also mandates that the business associate is responsible for holding the covered entity to the business associate contract and to the HIPAA Privacy Rule and Security Rule. If the business associate becomes aware of any non-compliance by the covered entity, the business associate must fix the breach, terminate the business associate contract, and/or report the non-compliance to the Department of Health and Human Services (HHS) [2]. To fulfill HIPAA regulations, business associates have to comply with the HIPAA Privacy Rule and Security Rule effective Feb 17, 2012.