Polsinelli Releases A HIPAA Business Associate Guide


In 2009, the Health Information Technology for Economic and Clinical Health Act ("HITECH") modified a number of provisions of the Health Insurance Portability and Accountability Act ("HIPAA") to strengthen HIPAA's privacy and security protections. One significant aspect of HITECH is that Business Associates now have to comply with much of HIPAA and are subject to enforcement and penalties by the HHS Office for Civil Rights ("OCR"). In January, OCR published amendments to the HIPAA Regulations that Business Associates need to know.

Put simply, Business Associates are people or organizations that perform a service for a HIPAA "Covered Entity" (usually a health care provider or a health insurance plan), if the Business Associate will use, disclose, or maintain Protected Health Information ("PHI") in performing that service. For example, Business Associates might include attorneys, accountants, consultants, software vendors, accrediting organizations, and management companies, if they have access to PHI. Under the new regulations, Business Associates also include health information organizations, e-prescribing gateways, other entities that provide data transmission services, entities that offer a personal health record on behalf of a Covered Entity, and data storage companies or cloud-computing companies.

On September 23, 2013, Business Associates are required to comply with the new regulations. Polsinelli has developed a template HIPAA Business Associate Policy and Agreement Guide (the "HIPAA Business Associate Guide"). The HIPAA Business Associate Guide is a comprehensive document that can be easily adapted to fit an organization's structure and specific function as a Business Associate.

The HIPAA Business Associate Guide contains (i) a simple introduction explaining whether a company is subject to HIPAA and the consequences of non-compliance; (ii) thirty-three template policies and procedures to implement Business Associate obligations under the HIPAA Regulations; (iii) a detailed overview of HIPAA, HITECH and the HIPAA Regulations; and (iv) a sample business associate agreement and a sample subcontractor business associate agreement. The HIPAA Business Associate Guide will serve as a tremendous tool in assisting any Business Associate in its HIPAA compliance efforts.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Polsinelli | Attorney Advertising
