Health Information Technology for Economic and Clinical Health (HITECH) Compliance Deadline Looms - Updating Business Associate Agreements Is a High Priority
Friday, August 9, 2013
Elizabeth Johnson, Privacy, Information Security Attorney, Poyner Spruill, law
Print Mail Download i

The Department of Health and Human Services (HHS) has set a compliance deadline of September 23, 2013, for HIPAA-covered entities to meet essentially all aspects of the new HIPAA rules that were recently updated to implement the Health Information Technology for Economic and Clinical Health (HITECH) Act. Among the many necessary tasks are making changes to policies, privacy notices, training, and a covered entity’s practices such as implementation of individual privacy rights, breach reporting, security measures and business associate contracting. You can read more about these changes, increased enforcement and breach reporting in our past articles on HIPAA under Related Publications to the right. 

One of the highest priority items is updating business associate agreements (BAAs), because the distribution, negotiation and execution process can be time-consuming. Note that BAAs in place prior to January 25, 2013, may be updated either on the next modification or renewal, or prior to September 22, 2014, whichever is earlier. BAAs entered into after January 25 and going forward must be updated by September 23, 2013.

We recognize that the covered entity population needs affordable tools to assist them in their compliance efforts.  For that reason, we have created a BAA template that will help covered entities meet these compliance obligations.  Unlike other BAA templates available, this version includes a number of provisions that are not strictly required by the final rules but which we recommend in order to more strongly protect covered entities in light of the increased risk posed by business associates. For example, unless contracted otherwise, covered entities can be responsible for business associate noncompliance and are left to mitigate, report and pay for business associate-caused security breaches. This BAA template tips the balance back toward the favor of the covered entity in terms of risk, cost and liability protection. It includes features to both address the new HITECH requirements and mitigate the risk of business associate-caused security breaches and noncompliance.

With the compliance deadline only two months away, covered entities must focus efforts to ensure that all updates are complete and new training concluded prior to the September 23 deadline.

© 2024 Poyner Spruill LLP. All rights reserved.

Current Legal Analysis

More from Poyner Spruill LLP

Administrative Check-Up on Participant Plan Loans
by: Employment Law
Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know – and Do
by: Employment Law
Substantial Risk of Forfeiture: What Non-Profit and Governmental Employers Need to Know About IRS Guidance on Section 457 - Part 2
by: Employment Law , Kelsey H. Mayo
Deferred Compensation: What Non-Profit and Governmental Employers Need to Know About IRS Guidance on Section 457 - Part 1
by: Employment Law
NLRB Continues to Target Employers’ Social Media Policies
by: Employment Law
Hospice Providers – Step Up to the “MIC”
by: Iain M Stauffer
Final CMS Rule on the Reporting and Returning of Medicare Overpayments is a Wake-Up Call for Physicians
by: Wilson Hayman
Don't Be a Target -- Retirement Plan Fees and Expenses
by: Employment Law
EEOC Files First Two Lawsuits Challenging Sexual Orientation Discrimination
by: Employment Law
One Year Later: Avoiding Unfavorable Risk Weighting of Acquisition, Development, and Construction Loans for Commercial Real Estate Projects
by: Christopher S. Dwight

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins