Last year, the Department of Health and Human Services (HHS) issued final regulations modifying the HIPAA privacy rules. Because the rules regulating business associate relationships were modified, all Business Associate Agreements (BAA) were to be updated to reflect those changes by September 23, 2013. However, HHS provided an extension for some Covered Entities (CE) until September 23, 2014.
If a CE had a valid BAA in place as of January 25, 2013, and made no modifications or changes, the deadline for updating the company’s BAA is September 23, 2014. By this date, ALL Business Associate Agreements will:
- Comply with the HIPAA Privacy and Security rules if the Business Associate carries out any of the Covered Entity’s obligations under the Rule;
- Report breaches of unsecured PHI to a Covered Entity;
- Require subcontractors to agree to safeguard PHI and ensure the CE's right to terminate the subcontractor for security or privacy violations.
For a quick review of the HIPAA and HITECH rules, along with sample privacy policies and business associate agreements, the American Medical Association has compiled a helpful HIPAA/HITECH toolkit for physicians and their practice staff.