Wilson Technology Group and More

Your One Stop IT and Telecommunications Firm

HIPAA: New Requirements for Business Associate Agreements


An organization’s Business Associate (BA) Agreements may need to be amended or updated to comply with the Final Rule.  Under the new regulations, BA Agreements must now require that the BA will do the following:

1)  Comply, where applicable, with the HIPAA Security Rule

2)  Report breaches of unsecured PHI to the Covered Entity as required under the breach notification rules

3)  Make certain that any subcontractors that create or receive PHI on behalf of the BA agree to the same restrictions and conditions that apply to the BA (there must now be a BA Agreement in place between a BA and its subcontractors in these circumstances)

4)  Comply with the requirements of the HIPAA Privacy Rule whenever the BA is required to perform the Covered Entity’s obligation under the Privacy Rule.

BA Agreements entered into prior to 1/25/13 between Covered Entities and BAs (as well as BAs and their subcontractors) that are not renewed or modified between 3/26/13 and 9/23/13, and that met the requirements of HIPAA and HITECH prior to 1/25/13, will be granted grandfathered status and deemed to continue in compliance until 9/23/14 or the date the contract is renewed or modified, whichever occurs first.  All other BA Agreements must be in compliance with the new regulations by 9/23/13.

Taken in part from:  Miller & Martin, PLLC   3/8/2013

