Don’t Put Off That New HIPAA Business Associate Agreement: September 23, 2014 Deadline Looms

Foley Hoag LLP - Security, Privacy and the Law

It’s been a while, but we have another HIPAA deadline just around the corner: September 23, 2014.

September 23, 2014 is the date by which all HIPAA business associate agreements need to be in compliance with the current HIPAA regulations (often called the Omnibus Rule). The current rules went into effect on March 26, 2013, but certain then-existing HIPAA BAAs were grandfathered and did not have to be updated immediately. The grandfathering ends and up-to-date BAAs must be in place starting September 23, 2014.

Specifically, compliance was required 180 days following the HIPAA Omnibus Rule’s effective date (3/26/13); that initial deadline was September 23, 2013.  Additional time was provided for covered entities to enter into updated business associate agreements under certain circumstances, e.g., if the then-existing BAA complied with prior HIPAA rules, the parties to the BAA had an additional year to bring their BAAs into compliance with new Omnibus Rule.  That grandfathering will soon come to an end.

If you already updated your BAAs to be consistent with the Omnibus Rule, there’s nothing more to do right now (although it never hurts to review your agreements and to make sure you have BAAs where they are needed.)

As you revisit your BAAs, look at some of the elements to see if they can be made more favorable, including the following types of provisions:

  • breach notification timing;
  • ownership of data;
  • mitigation and breach response obligations;
  • indemnification;
  • insurance; and
  • incorporation of other federal and parallel state data security standards.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Security, Privacy and the Law | Attorney Advertising

Written by:

Foley Hoag LLP - Security, Privacy and the Law

Foley Hoag LLP - Security, Privacy and the Law on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.