Business Associate Agreements and HITECH: When to Amend?

June 24, 2011
The HITECH Act requires that certain new provisions be included in HIPAA business associate agreements by February 18, 2010.  The problem is that

The HITECH Act requires that certain new provisions be included in HIPAA business associate agreements by February 18, 2010. The problem is that the Department of Health and Human Services ("HHS") has yet to offer clarification regarding the precise provisions that must be included in these new business associate agreements or sample contract language.

On May 29, in a posting on a Health Care Compliance Association listserv, Susan McAndrew, Senior Policy Specialist with the HHS Office for Civil Rights ("OCR"), stated that OCR will be working over the summer on a proposed rule that should be issued later this year. Ms. McAndrew also noted that OCR has not yet updated the model business associate agreement on the OCR website.

So what do you do if you must enter into a business associate agreement today that will have a term that will run through February 18, 2010? You can either take your best shot at addressing HITECH requirements, with the understanding that subsequent modifications may be necessary, or you can amend the agreement in late 2009 or early 2010 when (hopefully) recommended sample provisions and additional guidance will be available. These are questions that HIPAA covered entities and business associates are grappling with right now. One consideration favoring amending business associate agreements early is the fact that the new security breach notification obligations imposed on business associates will become effective by September 18, 2009 (or sooner, depending on when HHS issues final regulations on the subject).

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...