Illinois General Assembly - Illinois Compiled Statutes

Updating the database of the Illinois Compiled Statutes (ILCS) is an ongoing process. Recent laws may not yet be included in the ILCS database, but they are found on this site as Public Acts soon after they become law. For information concerning the relationship between statutes and Public Acts, refer to the Guide.

Because the statute database is maintained primarily for legislative drafting purposes, statutory changes are sometimes included in the statute database before they take effect. If the source note at the end of a Section of the statutes includes a Public Act that has not yet taken effect, the version of the law that is currently in effect may have already been removed from the database and you should refer to that Public Act to see the changes made to the current law.

410 ILCS 513/31.3

    (410 ILCS 513/31.3)
    Sec. 31.3. Business associates.

(a)   Notwithstanding Sections 30 and 35 of this Act, a covered entity may, without a patient's consent, disclose a patient's genetic information to a business associate and may allow a business associate to create, receive, maintain, or transmit protected health information on its behalf, if the covered entity obtains, through a written contract or other written agreement or arrangement that meets the applicable requirements of 45 CFR 164.504(e), satisfactory assurance that the business associate will appropriately safeguard the information.  A covered entity is not required to obtain such satisfactory assurances from a business associate that is a subcontractor.

(b) A business associate may disclose protected health information to a business associate that is a subcontractor and may allow the subcontractor to create, receive, maintain, or transmit protected health information on its behalf, if the business associate obtains satisfactory assurances, in accordance with 45 CFR 164.504(e)(1)(i), that the subcontractor will appropriately safeguard the information.

(Source: P.A. 98-1046, eff. 1-1-15.)