Looming HIPAA Deadline: Update Business Associate Agreements by Monday, Sept. 22, 2014
By Adam H. Greene, Rebecca L. Williams and Anna C. Watterson
09.19.14
Business associate agreements that have not already been updated as required by the HIPAA Omnibus Rule should be updated by Sept. 22, 2014.
The Omnibus Rule changed and added mandatory language for valid business associate contracts. The compliance date for the HIPAA Omnibus Rule was Sept. 23, 2013. Recognizing the burden on the industry in amending or entering into new business associate agreements, the Department of Health and Human Services permitted an additional year to update certain business associate agreements. Business associate agreements qualified for this “extension” if: (1) prior to Jan. 25, 2013, the parties had a business associate agreement in place that complied with the HIPAA Privacy and Security Rules that were in effect at that time; and (2) the agreement was not revised or renewed between March 26, 2013 and Sept. 23, 2013.