September 23, 2014, marked the deadline to comply with the new HIPAA regulations regarding Business Associate Agreements. Healthcare providers are responsible for making sure their Agreements with all Business Associates are compliant with the new regulations, and include all required language.
To comply with the regulations, Business Associate Agreements must now include:
- That Business Associates will comply with the HIPAA Security Rule;
- That Business Associates will report breaches of unsecured protected health information to the Covered Entity;
- That Business Associates will require subcontractors to agree to and appropriately safeguard PHI; and finally,
- That Business Associates will comply with the HIPAA Privacy Rule if the Business Associate carries out any of the the healthcare provider’s obligations under the Privacy Rule.
Under the new HIPAA Security Rule, Business Associates and Subcontractors are now directly liable.
Also, under the HIPAA Privacy Rule, Business Associates and Subcontractors are now directly liable for impermissible uses and disclosures, non-compliance with their Business Associate Agreements, and certain individual rights.
How does this affect me?
With the Office for Civil Rights (OCR) performing more audits of healthcare providers and business associates (for more information on these audits, see Rickard & Associates 9/17/14 blog: click here), it is imperative to stay compliant. The OCR has stated that business associate agreements must be up to date with the new regulations. If business associate agreements are not compliant with the new regulations, the OCR will assess penalties.
OCR is making the point that healthcare providers and business associates are equally responsible for any breaches, or potential breaches.
In our next blog post, we will keep you informed of related issues. To get this important information delivered directly to your mail box, click here to Subscribe
Do you need help determining whether your Business Associate Agreement complies with the new HIPAA regulations, or do you need help drafting a new Agreement? We can help. To contact us about the new HIPAA regulations, help with your new Business Associate Agreement, or your other legal needs: CLICK HERE.