Another HIPAA Compliance Deadline Approaches
September 23, 2014 is fast approaching! It is the date by which all Business Associate Agreements (BAAs) must be brought into compliance with the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule.
On January 17, 2013, the Department of Health and Human Services published the Omnibus Rule, which made significant modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules. Covered entities, such as group health plans, and their business associates generally had until September 23, 2013, to comply with the changes made by the Omnibus Rule. This included bringing BAAs into compliance. Recognizing, however, that covered entities and business associates may have many BAAs, the Omnibus Rule included an alternative compliance date of September 23, 2014, to update BAAs where (1) there was a compliant BAA in place on January 25, 2013, and (2) the BAA was not modified between March 26, 2013, and September 23, 2013.
With the September 23, 2014 deadline looming, Troutman Sanders is providing this friendly reminder to its clients to review your BAAs to make sure that they are all in compliance with the HIPAA Omnibus Rule. If you have any BAAs that were entered into before January 25, 2013,and have not yet been updated, there is still time, but you should act quickly as it can take some time to negotiate the terms of a BAA.
© TROUTMAN SANDERS LLP. ADVERTISING MATERIAL. These materials are to inform you of developments that may affect your business and are not to be considered legal advice, nor do they create a lawyer-client relationship. Information on previous case results does not guarantee a similar future result.