Lost in many reports of the stimulus bill's $19 billion designated to extend deployment of health electronic records technology is the significant broadening of some aspects of privacy rules. HIPAA privacy rules apply to medical records, but full HIPAA restrictions have not always applied to "business associates" involved in many billing and financial services. The stimulus bill extends certain HIPAA requirements as well as new data breach notification requirements to certain "business associates." Both the FTC and the Secretary of HHS have major rule writing responsibilities to flesh out these new requirements. Review B&D Consulting's summary of health related aspects of the stimulus bill in the B&D Consulting Stimulus Resource Center.