ARTICLE
8 August 2013

Reminder: Compliance Dates For Revising Your Business Associate Agreements For Compliance With The HIPAA Omnibus Rule

DW
Dickinson Wright PLLC

Contributor

Dickinson Wright PLLC logo
Dickinson Wright is a general practice business law firm with more than 475 attorneys among more than 40 practice areas and 16 industry groups. With 19 offices across the U.S. and in Toronto, we offer clients exceptional quality and client service, value for fees, industry expertise and business acumen.
Explore Firm Details
The required compliance dates for revising business associate agreements between covered entities and business associates, or business associates with subcontractors, respectively, to reflect the new requirements of the Health Insurance Portability and Accountability Act "omnibus" regulations issued on January 17th, 2013 are approaching.
United States Food, Drugs, Healthcare, Life Sciences
Photo of Rose J. Willis
Authors

The required compliance dates for revising business associate agreements ("BAA") between covered entities and business associates, or business associates with subcontractors, respectively, to reflect the new requirements of the Health Insurance Portability and Accountability Act ("HIPAA") "omnibus" regulations issued on January 17th, 2013 (the "Final Rules") are approaching. As a reminder, the "transition" rules with respect to such revisions are briefly summarized below:

  • If, prior to January 25, 2013, the covered entity or business associate had in effect an existing BAA with a business associate or subcontractor, respectively, that complied with the prior provisions of the HIPAA Privacy and Security Rules, and such BAA was not renewed (except by automatic renewal pursuant to its terms) on or after March 26, 2013, then the BAA is considered "grandfathered" for one year and may continue to be used without modification until the earlier of (i) the date after September 23, 2013 on which the BAA is renewed or modified, or (ii) September 23, 2014.
  • If a BAA existed on January 25, 2013, but is renewed (without automatic renewal pursuant to its terms) or otherwise modified prior to September 23, 2014, the BAA must be revised to comply with the new requirements of the Final Rules as of September 23, 2013.
  • If a new BAA is entered into after January 25, 2013, the terms of that BAA must comply with the new requirements of the Final Rules as of September 23, 2013.

These compliance dates apply only to the technical requirement to amend BAAs; they do not affect the effective date of the compliance obligations of business associates and subcontractors under the HIPAA Privacy and Security Rules, which continues to be September 23, 2013.

For more information on the requirements of the Final Rule, please see our "DW Healthcare Legal News Archive" which is accessible through our DW Health Law Blog, at www.dwhealthlawblog.com .

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Rose J. Willis
Rose J. Willis
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More