Business Associate Agreements May Require Amendment

more+
less-

The Omnibus Final Rule (the "Omnibus Rule") under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"), was issued in January, 2013 effective March 26, 2013, but with a general compliance deadline of September 23, 2013. Compliance with the Omnibus Rule required changes to many HIPAA compliance practices and related documents, including business associate agreements, the HIPAA notice of privacy practices and breach assessment policies and procedures.

With respect to business associate agreements, however, the Omnibus Rule included transition relief that allowed certain health plans an extended transition period within which to make necessary changes to their business associate agreements if certain conditions were met.

In order for a business associate agreement to qualify for the transition relief, the agreement must have been entered into prior to January 25, 2013 (the date the Omnibus Rule was issued) and the agreement must not have been modified or renewed between January 25, 2013, and September 22, 2013.

That transition relief expires on September 23, 2014 or upon the earlier modification or renewal of the agreement. This means that, as of September 23, 2014, all business associate agreements that have not been modified or renewed, or that have not already been updated, must be amended as necessary to reflect the changes made by the Omnibus Rule requirements.  Therefore, covered entities – and their business associates – should review their business associate agreements to ensure that they have all been properly updated.

Some changes made by the Omnibus Rule that may require changes to be made to business associate agreements may include:

  • an updated definition of "protected health information" ("PHI"), as well as limitations on using PHI for marketing purposes;
  • requiring business associates to comply with the HIPAA Security Rule;
  • imposition of breach identification and reporting obligations; and
  • changes in the forms in which documents are required to be provided in response to a request for  PHI.
  • updated provisions applicable to subcontractors of the business associate.

 

Topics:  Business Associates, Covered Entities, Final Rules, Healthcare, HIPAA, HIPAA Omnibus Rule, PHI

Published In: General Business Updates, Health Updates, Labor & Employment Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© FordHarrison | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »