Statutory Authority of HIPAA
- Has the Secretary exceeded the HIPAA statutory by requiring "business associates" to comply with the Privacy Rule, even if that requirement is through a contract?
- Has the Secretary exceeded the HIPAA statutory authority by requiring "satisfactory assurances" for disclosures to business associates?
- Were there Privacy Rule compliance deadlines in 2004?