Now is the Time to Revise Your Business Associate Agreements

By: Julie A. Simer and Brooke J. Ledger

There is a lot of confusion among providers caused by the recent publication of new rules under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). On January 25, 2013, the HIPAA final omnibus rule (“Final Rule”) issued by the U.S. Department of Health and Human Services (“HHS”) was published in the Federal Register (78 FR 5565). The Final Rule is actually four rules rolled into one massive 523‐page rule. The Final Rule changes the requirements necessary to protect the privacy and security of protected health information (“PHI”) under the HIPAA Privacy, Security, and Enforcement Rules. The Final Rule strengthens protection for PHI and heightens breach‐reporting obligations. For providers, it will require:

1. Revising Existing Notices of Privacy Practice

2. Revising Existing Business Associate Agreements

3. Requiring Business Associates to Execute Business Associate Agreements With Subcontractors

More

Buchalter Nemer Teleseminar – New HIPAA Rules

February 13, 2013

New HIPAA Rules and What to Do Now to Avoid Increased Penalties
Julie A. Simer and Brooke J. Ledger
12:00 Noon-1:00 PM PST (telecast from Orange County Office)

The 563-page final HIPAA Omnibus Rule published in the Federal Register on January 25, 2013 makes important changes to the HIPAA rules for privacy and security of protected health information. Among these changes are new breach notification requirements and increased the penalties for a breach of protected health information. This means that covered entities must assess their current privacy and security policies, review relationships with business associates and subcontractors, review notices of privacy practices, conduct risk assessments, and evaluate breach notification policies. Get practical information on what your organization must do now to avoid significant penalties.