Contact Us
Subscribe to this blog via RSS
Join us on LinkedInCategories
- Data Privacy
- Department of Health and Human Services' Office of Civil Rights
- Medical Malpractice
- Medical Cannabis
- Workplace health
- Workplace Violence
- Assisted Living Facilities
- EMTALA
- FDA
- Reproductive Rights
- Roe v. Wade
- SCOTUS
- COVID-19
- Prescription Drugs
- Telemedicine
- Medical Spas
- Code Enforcement
- Corporate
- United States Department of Justice ("DOJ")
- Employee Contracts
- Non-Compete Agreement
- Compliance
- HIPAA
- Kentucky Board of Nursing
- Managed Care Organizations (“MCOs”)
- Primary Care Physicians ("PCPs")
- Accountable Care Organizations (“ACO”)
- Anti-Kickback Statute
- Centers for Medicare & Medicaid Services (“CMS”)
- Data Breach
- Electronic Protected Health Information (ePHI)
- False Claims Act
- Federally Qualified Health Centers (“FQHCs”)
- Health Information Technology for Economic and Clinical Health Act (HITECH Act)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- HPSA
- KASPER
- Kentucky Board of Medical Licensure
- Kentucky’s Department for Medicaid Services
- Medicaid
- Medicare
- Mental Health Care
- Office for Civil Rights ("OCR")
- Office of Inspector General of the United States Department of Health and Human Services (OIG)
- Patient Protection and Affordable Care Act (“ACA”)
- Pharmacists
- Physician Assistants
- Qui Tam
- Rural Health Centers (“RHCs”)
- Stark Laws
- Telehealth
- Affordable Care Act
- APRNs
- Charitable Hospitals
- Health Professional Shortage Area ("HPSA")
- Hospitals
- HRSA
- Mid-Level Practitioners
- Rural Health Clinic
- Business Associate Agreements
- Compliance Programs
- ERISA
- Fraud
- Hospice
- Overpayments
- Part D
- Appeal
- Electronic Health Records (“EHR")
- Advanced Practice Registered Nurses
- Business Associates
- Denied Claims
- Division of Regulated Child Care
- Employee Agreement
- Fair Labor Standards Act (FLSA)
- Licensed practical nurses (LPN)
- Licensure Requirements
- Nurse practitioners (NP)
- Part A
- Part B
- Patient Autonomy
- Personal Health Information
- Personal Service Entities
- Physician Payments
- Qualified Health Plan ("QHP")
- Registered nurses (RN)
- Abuse and Waste
- Occupational Safety and Health Administration (“OSHA”)
- Department of Health and Human Services (HHS)
- Health Insurance
- Healthcare Regulation
- Health Care Law
McBrayer Blogs
Reminder: Update Your “Grandfathered” HIPAA Business Associate Agreements Now!
In January 2013, the Department of Health and Human Services (“HHS”) published its Final Rule, which significantly increased the privacy and security responsibilities for the “business associates” of “covered entities,” as those terms are defined by HIPAA. A provision within the Final Rule mandated that all covered entities and their business associates revise their business associate agreements to reflect the new responsibilities. Specifically, a business associate must now, among other things:
- Report breaches of unsecured protected health information (“PHI”) to the covered entity;
- Comply with the HIPAA Security Rule;
- Execute business associate agreements with subcontractors (who are now considered business associates under the Final Rule).
Business associate agreements that were in compliance with the HIPAA Privacy Rule prior to January 25, 2013 were considered “grandfathered” and permitted to remain in place until September 23, 2014 – if they were not updated prior to the September date. This date, however, is almost expired and now all business associate agreements must be updated to include the additional requirements created by the Final Rule. Business associate agreements that were put into place after January 25, 2013 should already comply with the Final Rule.
It is important to note that the Final Rule also expanded the definition of a BA to cover new entities and persons. Now, a BA includes health information organizations, e-prescribing gateways, data transmission entities that routinely access PHI, and vendors of PHI records, in addition to subcontractors of business associates that create, receive, maintain, or transmit PHI on behalf of the business associate.
If you have any questions regarding updating grandfathered business associate agreements, contact a McBrayer Health Care Law attorney today. The deadline is rapidly approaching – let us help you ensure that you are operating in accordance with the Final Rule provisions.
Services may be performed by others.
This article does not constitute legal advice.
