Don’t Put Off That New HIPAA Business Associate Agreement: September 23, 2014 Deadline Looms

It’s been a while, but we have another HIPAA deadline just around the corner: September 23, 2014.

September 23, 2014 is the date by which all HIPAA business associate agreements need to be in compliance with the current HIPAA regulations (often called the Omnibus Rule). The current rules went into effect on March 26, 2013, but certain then-existing HIPAA BAAs were grandfathered and did not have to be updated immediately. The grandfathering ends and up-to-date BAAs must be in place starting September 23, 2014.

Specifically, compliance was required 180 days following the HIPAA Omnibus Rule’s effective date (3/26/13); that initial deadline was September 23, 2013. Additional time was provided for covered entities to enter into updated business associate agreements under certain circumstances. For example, if the then-existing BAA complied with prior HIPAA rules, the parties to the BAA had an additional year to bring their BAAs into compliance with the new Omnibus Rule. That grandfathering will soon come to an end.

If you already updated your BAAs to be consistent with the Omnibus Rule, there’s nothing more to do right now (although it never hurts to review your agreements and to make sure you have BAAs where they are needed).

As you revisit your BAAs, look at some of the elements to see if they can be made more favorable, including the following types of provisions:

  • breach notification timing;
  • ownership of data;
  • mitigation and breach response obligations;
  • indemnification;
  • insurance; and
  • incorporation of other federal and parallel state data security standards.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag - Privacy & Data Security | Attorney Advertising
