Business Associates of Covered Entities must be able to demonstrate that they are in compliance with administrative, physical, and technical safeguards of the HIPAA Security Rule, as required by the HITECH Act. An important part of the process is having a well documented comprehensive HITECH Compliance policy the identifies user and system responsibilities. Some major components of the IT Security requirements of HIPAA and HITECH are as follows: