HIPAA Omnibus Rule Deadline for BAAs Approaches


The Final HIPAA Omnibus Rule (the “Omnibus Rule”), published in the Federal Register on January 25, 2013, made various important changes to how entities must comply with privacy and security requirements.  While most deadlines stemming from the Omnibus Rule have passed, one is imminent: the final requirement to update Business Associate Agreements (“BAAs”).  Certain BAAs may need to be updated by September 22, 2014.

Most BAAs were required to be updated to comply with the Omnibus Rule by September 23, 2013.  Key required changes related to breach reporting requirements, obligations for business associates performing covered entity functions, and an expanded definition of ‘business associate.’  However, BAAs already in place prior to the effective date of the Omnibus Rule that were neither renewed nor modified between March 26, 2013, and September 23, 2013, were deemed to be in compliance.  Such BAAs were required to be updated to comply with the Omnibus Rule upon renewal or modification.  Because deemed compliance is about to expire, BAAs that currently do not comply with the Omnibus Rule are required to be updated to come into compliance by September 22, 2014.

Covered Entities and Business Associates are encouraged to review their BAAs over the next several weeks to determine if modifications are needed to facilitate compliance.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Cooley LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.