This document discusses changes to the roles and responsibilities of business associates (BAs) under HIPAA and HITECH regulations. It notes that HITECH now requires BAs to comply directly with HIPAA Security and Privacy Rules. BAs must enter agreements with subcontractors and ensure appropriate safeguards are in place. Business associate agreements must be amended to incorporate new HITECH requirements regarding uses of protected health information, required capabilities, and elements of the agreements. The document outlines new violation categories and penalties under HITECH and discusses audits, remediation efforts, and demonstrating good faith in compliance.