Sample agreement covers provisions in new HIPAA rule
Better Medicaid managed care oversight needed to protect providers serving high-risk populations: OI
As they work to comply with the omnibus Health Insurance Portability and Accountability Act rule published on Friday, long-term care providers can refer to a sample business associate agreement released recently by the Department of Health and Human Services Office for Civil Rights.
The omnibus rule extends HIPAA regulations to business associates, including subcontractors, that work with healthcare providers. This places a responsibility on entities covered by HIPAA to revise their business associate agreements. Large organizations might have as many as 20,000 business associates, so updating agreements could be an enormous task, lawyers told the Bureau of National Affairs.
The sample business associate agreement specifies a number of obligations a business associate has regarding health information safeguards and disclosure, as well as obligations for proper handling of information after the contract termination. The language can be changed to more appropriately cover relationships between parties to the agreement, HHS noted.
Existing business associate agreements must be updated by September 2014, according to the omnibus rule. Covered entities and business associates must be in compliance with most provisions of the rule by Sept. 23 of this year.