New regs for Business Associates. Is your BAA up to date?

September 23, 2014, marked the deadline to comply with the new HIPAA regulations regarding Business Associate Agreements. Healthcare providers are responsible for making sure their Agreements with all Business Associates are compliant with the new regulations, and include all required language.

What’s new?

To comply with the regulations, Business Associate Agreements must now include:

  1. That Business Associates will comply with the HIPAA Security Rule;
  2. That Business Associates will report breaches of unsecured protected health information to the Covered Entity;
  3. That Business Associates will require subcontractors to agree to and appropriately safeguard PHI; and finally,
  4. That Business Associates will comply with the HIPAA Privacy Rule if the Business Associate carries out any of the healthcare provider’s obligations under the Privacy Rule.

Which means…

Under the new HIPAA Security Rule, Business Associates and Subcontractors are now directly liable.

Also, under the HIPAA Privacy Rule, Business Associates and Subcontractors are now directly liable for impermissible uses and disclosures, non-compliance with their Business Associate Agreements, and certain individual rights.

How does this affect me?

With the Office for Civil Rights (OCR) performing more audits of healthcare providers and business associates (for more information on these audits, see the Rickard & Associates 9/17/14 blog post), it is imperative to stay compliant. The OCR has stated that business associate agreements must be up to date with the new regulations. If business associate agreements are not compliant with the new regulations, the OCR will assess penalties.

OCR is making the point that healthcare providers and business associates are equally responsible for any breaches, or potential breaches.

In our next blog post, we will keep you informed of related issues.

Do you need help determining whether your Business Associate Agreement complies with the new HIPAA regulations, or do you need help drafting a new Agreement?  We can help. To contact us about the new HIPAA regulations, help with your new Business Associate Agreement, or your other legal needs:  CLICK HERE.
