Polsinelli Releases A HIPAA Business Associate Guide

In 2009, the Health Information Technology for Economic and Clinical Health Act ("HITECH") modified a number of provisions of the Health Insurance Portability and Accountability Act ("HIPAA") to strengthen HIPAA's privacy and security protections. One significant aspect of HITECH is that Business Associates now have to comply with much of HIPAA and are subject to enforcement and penalties by the HHS Office for Civil Rights ("OCR"). In January, OCR published amendments to the HIPAA Regulations that Business Associates need to know.

Put simply, Business Associates are people or organizations that perform a service for a HIPAA "Covered Entity" (usually a health care provider or a health insurance plan), if the Business Associate will use, disclose, or maintain Protected Health Information ("PHI") in performing that service. For example, Business Associates might include attorneys, accountants, consultants, software vendors, accrediting organizations, and management companies – if they have access to PHI. Under the new regulations, Business Associates also include health information organizations, e-prescribing gateways, other entities that provide data transmission services, entities that offer a personal health record on behalf of a Covered Entity, and data storage companies or cloud-computing companies.

On September 23, 2013, Business Associates are required to comply with the new regulations. Polsinelli has developed a template HIPAA Business Associate Policy and Agreement Guide (the "HIPAA Business Associate Guide"). The HIPAA Business Associate Guide is a comprehensive document that can be easily adapted to fit an organization's structure and specific function as a Business Associate.

The HIPAA Business Associate Guide contains (i) a simple introduction explaining whether a company is subject to HIPAA and the consequences of non-compliance; (ii) thirty-three template policies and procedures to implement Business Associate obligations under the HIPAA Regulations; (iii) a detailed overview of HIPAA, HITECH and the HIPAA Regulations; and (iv) a sample business associate agreement and a sample subcontractor business associate agreement. The HIPAA Business Associate Guide will serve as a tremendous tool in assisting any Business Associate in its HIPAA compliance efforts.

 

Topics:  Business Associates, Healthcare Reform, HHS, HIPAA, HITECH, OCR, PHI

Published In: General Business Updates, Health Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Polsinelli | Attorney Advertising
