Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?

1 Am I a Business Associate? Do I want to be a Business Associate? What are my obligations?
Brought to you by Winston & Strawn's Health Care Practice Group
2013 Winston & Strawn LLP

2 Today's eLunch Presenters
Marion Goldberg, Health Care, Washington, D.C.
Tom Mills, Health Care, Washington, D.C.

3 Covered Entity
Health Plan
Health Care Clearinghouse
Health Care Provider that engages in electronic transactions

4 Prior to the HITECH Act
Business Associates were not in HIPAA statute
HHS invented Business Associate so that Covered Entities could not wiggle out of HIPAA obligations by contracting out services

5 Prior to HITECH Act
Under HIPAA regulations:
Covered Entity was required to enter into a Business Associate contract with its Business Associates
Business Associate contract = Business Associate Agreement ("BAA")
If the BAA met all regulatory requirements, the Covered Entity did not have liability for acts (or omissions) of its Business Associate
Compliant BAA
No knowledge of a pattern or practice of violations

6 HITECH Act
HITECH Act brought Business Associates under most HIPAA requirements
New regulations: Requirements also apply to subcontractors (Business Associates of Business Associates)

7 Business Associate Post HITECH Act
Becomes a Business Associate by definition, not by contract
Liability attaches when meets the definition of Business Associate
Can be a Business Associate even if don't know it

8 Business Associates
Need to know who are your Business Associates
Need to know if you are a Business Associate

9 What is a Business Associate?
Provides services for or on behalf of a Covered Entity
Creates, receives, maintains, or transmits protected health information
For a function or activity regulated by the HIPAA privacy and security regulations

10 What is a Business Associate Post HITECH Act?
Provides services to or for a covered entity that involves the disclosure of PHI from the Covered Entity or another Business Associate:
legal
actuarial
accounting
consulting
data aggregation
management
administrative
accreditation
financial

11 What is a Business Associate Post HITECH Act?
A Health Information Organization
E-prescribing Gateway, or other provider of data transmission services
Provider of a personal health record on behalf of a covered entity

12 What is a Business Associate Post HITECH Act?
claims processing or administration
data analysis, processing, or administration
utilization review
quality assurance
patient safety activities
billing
benefit management
practice management
repricing

13 What is a Business Associate Post HITECH Act?
Shredding company
Copier repair company if copier retains PHI
Record storage company
Cloud storage company
Bank other than for check clearing and credit card services

14 What is a Business Associate Post HITECH Act?
Subcontractor of a Business Associate
Subcontractor of a subcontracted Business Associate, all the way downstream

15 Who is not a Business Associate?
A health care provider who receives disclosures from a covered entity concerning the treatment of the individual.
A plan sponsor who receives disclosures from a group health plan (or health insurance issuer or HMO) if the disclosures comply with HIPAA

16 Who is not a Business Associate?
A government agency that receives PHI to determine eligibility for, or enrollment in, a government health plan that provides public benefits and is administered by another government agency, or collecting PHI for these purposes as permitted by HIPAA
A covered entity participating in an organized health care arrangement

17 Who is not a Business Associate
A conduit
Post Office
FedEx
UPS
Local courier service
Bank that provides check clearing
Credit card company

18 Business Associates
Must have a Business Associate Agreement
Covered Entity gets BAA with its Business Associates
Business Associates (not Covered Entities) get BAA with subcontractors, who are now Business Associates (all the way downstream)

19 Business Associates
A Covered Entity is liable for the acts (and omissions) of its Business Associate
AND
A Business Associate is liable for the acts (and omissions) of its Business Associate
IF

20 Business Associates
A Covered Entity is liable for the acts (and omissions) of its Business Associate
AND
A Business Associate is liable for the acts (and omissions) of its Business Associate
IF
The Business Associate is an agent of the Covered Entity or contracting Business Associate

21 Liability for Business Associates
A Covered Entity is liable for the acts (and omissions) of its Business Associate
AND
A Business Associate is liable for the acts (and omissions) of its Business Associate
IF
The Business Associate is an agent of the Covered Entity or contracting Business Associate
Under Federal common law of agency

22 Liability for Business Associates
But only liability for the Business Associate with whom you contract, not the downstream Business Associate(s)

23 Liability for Business Associates
No exception for compliant BAA and no knowledge of pattern or practice

24 Liability for Business Associates
So, Covered Entities and Business Associates must now become lawyers, or hire them

25 Federal Common Law of Agency
Problem: no Federal common law of agency for HIPAA
Guidance from HHS in the preamble to the January 25, 2013 regulations
Fact specific, taking into account the totality of the circumstances

26 Business Associates - Agency
Essential factor: whether the Covered Entity has the right to control the Business Associate's conduct in performing the service

27 Business Associate Agency - Control
Authority of the Covered Entity to give interim instructions or directions
Whether the Covered Entity can direct how the work is done
Whether the BAA requires the Business Associate to make PHI available based on instructions from the Covered Entity
Doesn't matter if Covered Entity has exercised the control, if has the authority to exercise the right

28 Business Associates Agency Control
Indication of lack of control if only avenue for control is to sue for breach of contract or amend the contract

29 Scope of Agency
Time, place and purpose of the Business Associate's conduct
Whether a Business Associate engaged in a course of conduct subject to the Covered Entity's control
Whether Business Associate's conduct is commonly done by a Business Associate to accomplish the service performed on behalf of the Covered Entity
Whether or not the Covered Entity reasonably expected the Business Associate would engage in the conduct in question

30 Business Associates Agency Control
Skill required: greater the skill, less likelihood of control
Example: small Covered Entity hires Business Associate to de-identify PHI
Not likely the Covered Entity has the skill to give interim instructions

31 Business Associate Agency Control Nature of Services
No agency relationship likely if the Covered Entity is legally or otherwise prevented from performing the service
BUT
Covered entity cannot perform the activities of The Joint Commission or other accrediting organization

32 Business Associate Agency Control Nature of Services
No agency relationship likely if the Covered Entity is legally or otherwise prevented from performing the service
Covered entity cannot perform the activities of The Joint Commission or other accrediting organization
BUT
If the Covered Entity contracts out or delegates an obligation under HIPAA service to a vendor, the vendor is likely an agent (but depends on the ability to control the performance of the delegated function)

33 Business Associates - Agency
Not likely an agency relationship
Accounting services
Legal services

34 Business Associates - Agency
Likely an agency relationship
Billing services
Cleaning service

35 Business Associates - Agency
Scope of Agency
Agent must be acting within the scope of the agency
Agency relationship may exist even if the Covered Entity does not retain the right or authority to control every aspect of the Business Associate's activities
Factors
Time, place and purpose of agent's conduct
Whether engaged in a course of conduct subject to the Covered Entity's control
Whether conduct is commonly performed by an agent to accomplish the service
Whether or not the Covered Entity reasonably expected the agent would engage in the conduct

36 Business Associates - Agency
Can be an agent even if:
Covered Entity does not retain the right or authority to control every aspect of the Business Associate's activities
Covered Entity does not exercise the right of control but it holds the authority to exercise that right
The Covered Entity and Business Associate are a distance apart (even in different countries)

37 Business Associates - Agency
Covered Entity is only liable for conduct of the Business Associate that is within the scope of the agency
But, the conduct is within the scope of the agency if the conduct occurs during the performance of the assigned task or incident to the task, regardless of carelessness, a mistake, or if the Business Associate disregarded an instruction
A Covered Entity would be liable for an impermissible disclosure of PHI by a Business Associate even if the disclosure was contrary to clear instructions

38 Business Associate - Agency
Outside scope of the agency
If conduct is solely for the benefit of the Business Associate or a third party
If course of conduct is not intended to serve any purpose of the Covered Entity

39 Security Rule Obligations
Ensure the confidentiality, integrity and availability of PHI
Protect against any reasonably anticipated threats or hazards to the security or integrity of PHI
Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule

40 Security Rule Obligations
Business Associates must comply with safeguards for electronic PHI:
Administrative Safeguards
Physical Safeguards
Technical Safeguards

41 Security Rule Obligations
Business Associate must take into account:
Business Associate's size, complexity, and capabilities of the covered entity or business associate
Business associate's technical infrastructure, hardware, and software security capabilities
The costs of security measures
The probability and criticality of potential risks to electronic PHI

42 Security Rule Obligations
Appoint a Security Official
Security policies and procedures
Conduct a risk analysis
Disciplinary policies

43 Security Rule Obligations
Employee training
Document compliance
Business Associate Agreement with Business Associates

44 Business Associates Privacy Rule
Required disclosures
As required by law
To the Secretary of HHS to evaluate compliance by a Covered Entity or Business Associate
To the Covered Entity
To the Individual or Individual's designee to respond to request for access to individual's PHI or request for electronic PHI
As directed by the Individual

45 Business Associate Uses and Disclosures
As permitted by the Business Associate Agreement
Business Associate cannot benefit from uses and disclosures permitted by regulations unless permitted by the BAA

46 Business Associates Privacy Rule
Restrictions on Use or Disclosure
Sale of PHI
Marketing using PHI

47 Minimum Necessary Standard
Only the minimum necessary to accomplish the task
Applies to uses and disclosures
One exception: treatment
Business Associate must comply with Covered Entity's minimum necessary standards and Business Associate Agreement
Be careful of what you provide; you can always provide more

48 Business Associate Reporting
Must report own and subcontractors' breaches to the Covered Entity

49 Business Associate Agreement Grandfather
If BAA in effect prior to January 25, 2013, have until earlier of a renewal or amendment to underlying agreement or September 22, 2014
Otherwise, earlier of renewal or amendment of underlying agreement or September 23, 2013
Evergreen contract renewal is not deemed a renewal for these purposes

50 Business Associate Agreement Grandfather
Just applies to need to enter into a new agreement
Does not affect requirement to comply with the new regulations

51 Tiers of Violations
Tier 1
For a violation in which it is established that the covered entity or business associate did not know and, by exercising reasonable diligence, would not have known that the provision was violated
Penalty $100 - $50,000 per violation
Annual maximum $1,500,000 per identical violation

52 Tiers of Violations
Reasonable diligence means the business care and prudence expected from a person seeking to satisfy a legal requirement under similar circumstances

53 Tiers of Violations
Tier 2
Violation in which it is established that the violation was due to reasonable cause and not willful neglect
Penalty $1,000- $50,000 per violation
Annual maximum $1,500,000 per identical violation

54 Tiers of Violations
Reasonable cause means an act or omission in which a covered entity or business associate knew, or by exercising reasonable diligence would have known, that the act or omission violated an administrative simplification provision, but in which the covered entity or business associate did not act with willful neglect

55 Tiers of Violations
Willful neglect means conscious, intentional failure or reckless indifference to the obligation to comply with a HIPAA provision

56 Tiers of Violations
Tier 3
Violation in which it is established that the violation was due to willful neglect and was corrected during the 30-day period beginning on the first date the covered entity or business associate liable for the penalty knew, or, by exercising reasonable diligence, would have known that the violation occurred
Penalty $10,000-50,000 per violation
Annual maximum $1,500,000 per identical violation

57 Tiers of Violations
Tier 4
For a violation in which it is established that the violation was due to willful neglect and was not corrected during the 30-day period beginning on the first date the covered entity or business associate liable for the penalty knew, or, by exercising reasonable diligence, would have known that the violation occurred
Penalty at least $50,000 per violation
Annual maximum is $1,500,

58 How to count violations
Varies
Multiple individuals: number of individuals
Occurs over time period: number of days
If impermissible disclosure and safeguards violation, two separate violations times number of individuals/days

59 Factors in determining penalty
Nature and extent of violation (including number of individuals)
Nature and extent of the harm (financial, reputational, physical)
History of prior compliance
Financial condition (both that may have hindered compliance and regarding the penalty)
OCR has discretion
List is not exhaustive

60 What is a Breach?
Unauthorized use or disclosure that compromises the security or privacy of the PHI

61 Breach Notification
Most improper disclosures will have to be disclosed
Harm standard no longer applies

62 Breach Notification
If there is improper use or disclosure, a breach is presumed unless can show low probability PHI has been compromised
Burden is on Covered Entity or Business Associate to show that all required notifications were made

63 Breach Notification
If the information may relate to multiple covered entities, will have to notify all covered entities

64 Breach Notification Risk Assessment Factors
Type of information
Amount of information
Who received it
Whether can be identified
How it could be used
Was it actually viewed
Was there mitigation (covered entity or BA)

65 Breach Notification Timing
Without unreasonable delay but not more than 60 days
Timing begins when anyone in the workforce knows or should have known of the breach
If breach is by a Business Associate, beginning of notice period depends on whether Business Associate is an agent (lots of legalese)

66 Breach Notification
To each affected Individual
To the Secretary of HHS if 500 or more individuals involved (she posts the breach on her web site)
To the media if more than 500 residents in one state or jurisdiction

67 Breach Notifications 500+ by Type
Theft 51%
Unauthorized Access/Disclosure 20%
Loss 14%
Hacking/IT Incident 7%
Improper Disposal 5%
Unknown 3%

68 Breach Notification 500+ Breaches by Location of Breach
Laptop 23%
Paper Records 22%
Desktop Computer 15%
Portable Electronic Device 14%
Network Server 11%
Other 10%
3%
EMR 2%

69 Questions?

70 Thank You.


More information

what your business needs to do about the new HIPAA rules

what your business needs to do about the new HIPAA rules what your business needs to do about the new HIPAA rules Whether you are an employer that provides health insurance for your employees, a business in the growing health care industry, or a hospital or

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

Community First Health Plans Breach Notification for Unsecured PHI

Community First Health Plans Breach Notification for Unsecured PHI Community First Health Plans Breach Notification for Unsecured PHI The presentation is for informational purposes only. It is the responsibility of the Business Associate to ensure awareness and compliance

More information

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com

Answering to HIPAA. Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM. Brought to you by. www.duxware.com Answering to HIPAA Who Answers Your Phone? Prepared by Kenneth E. Rhea, MD, FASHRM Brought to you by www.duxware.com The Event On February 20, 2014 at 8:00 PM an Internal Medicine specialist received a

More information

HIPAA for Business Associates

HIPAA for Business Associates HIPAA for Business Associates February 11, 2015 Teresa D. Locke This presentation is similar to any other legal education materials designed to provide general information on pertinent legal topics. The

More information

University Healthcare Physicians Compliance and Privacy Policy

University Healthcare Physicians Compliance and Privacy Policy Page 1 of 11 POLICY University Healthcare Physicians (UHP) will enter into business associate agreements in compliance with the provisions of the Health Insurance Portability and Accountability Act of

More information

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements

Protecting Patient Information in an Electronic Environment- New HIPAA Requirements Protecting Patient Information in an Electronic Environment- New HIPAA Requirements SD Dental Association Holly Arends, RHIT Clinical Program Manager Meet the Speaker TRUST OBJECTIVES Overview of HIPAA

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( BA Agreement ) is entered into by Medtep Inc., a Delaware corporation ( Business Associate ) and the covered entity ( Covered Entity

More information

Implementation Business Associates and Breach Notification

Implementation Business Associates and Breach Notification Implementation Business Associates and Breach Notification Tony Brooks, CISA, CRISC, Tony.Brooks@horne-llp.com Clay J. Countryman, Esq., Clay.Countryman@bswllp.com Stephen M. Angelette, Esq., Stephen.Angelette@bswllp.com

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

My Docs Online HIPAA Compliance

My Docs Online HIPAA Compliance My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several

More information

www.shipmangoodwin.com Shipman & Goodwin LLP 2015. All rights reserved. @SGHealthLaw HARTFORD STAMFORD GREENWICH WASHINGTON, DC

www.shipmangoodwin.com Shipman & Goodwin LLP 2015. All rights reserved. @SGHealthLaw HARTFORD STAMFORD GREENWICH WASHINGTON, DC HIPAA Compliance and Non-Business Associate Vendors: Strategies and Best Practices July 14, 2015 William J. Roberts, Esq. Shipman & Goodwin LLP 2015. All rights reserved. HARTFORD STAMFORD GREENWICH WASHINGTON,

More information

Business Associates Agreement

Business Associates Agreement Business Associates Agreement This Business Associate Agreement (the Agreement ) between Customer,( Covered Entity ) and Kareo ( Business Associate ) will be in effect during any such time period that

More information

OMNIBUS RULE IMPLICATIONS FOR LAW FIRMS AS BUSINESS ASSOCIATES

OMNIBUS RULE IMPLICATIONS FOR LAW FIRMS AS BUSINESS ASSOCIATES OMNIBUS RULE IMPLICATIONS FOR LAW FIRMS AS BUSINESS ASSOCIATES Sarah S. Murdough, Esq. Holly S. Bell, Esq. Sulloway & Hollis Norman, Wood, Kendrick & Turner smurdough@sulloway.com hbell@nwkt.com (603)

More information

Covered Entities and Business Associates: An Evolving Relationship

Covered Entities and Business Associates: An Evolving Relationship Covered Entities and Business Associates: An Evolving Relationship Rebecca L. Williams, RN, JD Partner, Chair of HEALTH/HIPAA Practice Davis Wright Tremaine LLP beckywilliams@dwt.com 1 No health care provider

More information

Business Associate Management Methodology

Business Associate Management Methodology Methodology auxilioinc.com 844.874.0684 Table of Contents Methodology Overview 3 Use Case 1: Upstream of s I manage business associates 4 System 5 Use Case 2: Eco System of s I manage business associates

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm

Data Security and Integrity of e-phi. MLCHC Annual Clinical Conference Worcester, MA Wednesday, November 12, 2014 2:15pm 3:30pm Electronic Health Records: Data Security and Integrity of e-phi Worcester, MA Wednesday, 2:15pm 3:30pm Agenda Introduction Learning Objectives Overview of HIPAA HIPAA: Privacy and Security HIPAA: The Security

More information

Datto Compliance 101 1

Datto Compliance 101 1 Datto Compliance 101 1 Overview Overview This document provides a general overview of the Health Insurance Portability and Accounting Act (HIPAA) compliance requirements for Managed Service Providers (MSPs)

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Contract (Agreement) is entered into by and between, as a Covered Entity as defined in relevant federal and state law, and HMS Agency, Inc., as their

More information

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS

HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS HIPAA OMNIBUS RULE: EXPANDED COMPLIANCE REQUIREMENTS James J. Eischen, Jr., Esq. November 2013 San Diego, California JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher & Mack, LLP 26+ years of experience

More information

This form may not be modified without prior approval from the Department of Justice.

This form may not be modified without prior approval from the Department of Justice. This form may not be modified without prior approval from the Department of Justice. Delete this header in execution (signature) version of agreement. HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate

More information

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc.

BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. BUSINESS ASSOCIATE AGREEMENT First Choice Community Healthcare, Inc. THIS BUSINESS ASSOCIATE AGREEMENT (BAA) is entered into by and between First Choice Community Healthcare, with a principal place of

More information

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions

Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Understanding HIPAA Privacy and Security Helping Your Practice Select a HIPAA- Compliant IT Provider A White Paper by CMIT Solutions Table of Contents Understanding HIPAA Privacy and Security... 1 What

More information

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS

FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS FIVE EASY STEPS FOR HANDLING NEW HIPAA REQUIREMENTS & MANAGING YOUR ELECTRONIC COMMUNICATIONS James J. Eischen, Jr., Esq. October 2013 Chicago, Illinois JAMES J. EISCHEN, JR., ESQ. Partner at Higgs, Fletcher

More information

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY

Tulane University. Tulane University Business Associates Agreement SCOPE OF POLICY STATEMENT OF POLICY IMPLEMENTATION OF POLICY Tulane University DEPARTMENT: General Counsel s POLICY DESCRIPTION: Business Associates Office -- HIPAA Agreement PAGE: 1 of 1 APPROVED: April 1, 2003 REVISED: November 29, 2004, December 1, 2008, October

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

DHHS POLICIES AND PROCEDURES

DHHS POLICIES AND PROCEDURES DHHS POLICIES AND PROCEDURES Section VIII: Privacy and Security Revision History: 8/21/13; 5/1/05 Original Effective Date: 4/14/03 Purpose To ensure that all individuals or organizations that perform specific

More information

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview

Updated HIPAA Regulations What Optometrists Need to Know Now. HIPAA Overview Updated HIPAA Regulations What Optometrists Need to Know Now The U.S. Department of Health & Human Services Office for Civil Rights recently released updated regulations regarding the Health Insurance

More information

Sample Business Associate Agreement Provisions

Sample Business Associate Agreement Provisions Sample Business Associate Agreement Provisions Words or phrases contained in brackets are intended as either optional language or as instructions to the users of these sample provisions. Definitions Catch-all

More information

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA?

3/13/2015 HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? HIPAA/HITECH WHAT S YOUR COMPLIANCE STATUS? Daniel B. Mills Pretzel & Stouffer, Chartered WHAT IS HIPAA? 1 DEFINITIONS HIPAA Health Insurance Portability and Accountability Act of 1996 Primarily designed

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010

New HIPAA Breach Notification Rule: Know Your Responsibilities. Loudoun Medical Group Spring 2010 New HIPAA Breach Notification Rule: Know Your Responsibilities Loudoun Medical Group Spring 2010 Health Information Technology for Economic and Clinical Health Act (HITECH) As part of the Recovery Act,

More information

HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$

HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$ HIPAA FOR LAWYERS AND LAW FIRMS What you need to know to prevent your law firm from paying MILLION$ FDCC Annual Meeting The Greenbrier Resort White Sulphur Springs, West Virginia July 27 August 2, 2014

More information

Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell. Topics Covered Part One. Topics Covered Part Two.

Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell. Topics Covered Part One. Topics Covered Part Two. Surviving a HIPAA violation One Agency s Experience Presented by: Roger Shindell President & CEO Carosh Compliance Solutions & Liz Mayer, RHIA Director, Organizational Integrity HCI Care Services and VNS

More information

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013

HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 HIPPA and HITECH NOTIFICATION Effective Date: September 23, 2013 Orchard Creek Health Care is required by law to maintain the privacy of protected health information (PHI) of our residents. If you feel

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

Louisiana State University System

Louisiana State University System PM-36: Attachment 4 Business Associate Contract Addendum On this day of, 20, the undersigned, [Name of Covered Entity] ("Covered Entity") and [Name of Business Associate] ("Business Associate") have entered

More information

Philip L. Gordon, Esq. Littler Mendelson, P.C.

Philip L. Gordon, Esq. Littler Mendelson, P.C. Beyond The Legal Requirements: Key Practical Issues in Negotiating Business Associate Agreements, Responding to a Breach of Unsecured PHI, and Understanding HHS Enforcement Philip L. Gordon, Esq. Littler

More information

HIPAA Breach Notification Interim Final Rule

HIPAA Breach Notification Interim Final Rule HIPAA Breach Notification Interim Final Rule The American Recovery and Reinvestment Act of 2009 ( the Act ) made several changes to the HIPAA privacy rules including adding a requirement for notice to

More information

BUSINESS ASSOCIATE AGREEMENT. Recitals

BUSINESS ASSOCIATE AGREEMENT. Recitals BUSINESS ASSOCIATE AGREEMENT This Agreement is executed this 8 th day of February, 2013, by BETA Healthcare Group. Recitals BETA Healthcare Group consists of BETA Risk Management Authority (BETARMA) and

More information

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA

OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463. Court Reporters and HIPAA Court Reporters and HIPAA OCRA Spring Convention ~ 2014 Phyllis Craver Lykken, RPR, CLR, CCR 2463 1 What Exactly is HIPAA? HIPAA is an acronym for the Health Insurance Portability and Accountability Act

More information

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com

HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist. www.riskwatch.com HIPAA Omnibus & HITECH Rules: Key Provisions and a Simple Checklist www.riskwatch.com Introduction Last year, the federal government published its long awaited final regulations implementing the Health

More information

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations &

Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Please print the attached document, sign and return to privacy@covermymeds.com or contact Erica Van Treese, Account Manager, Provider Relations & Solutions. Office: 866-452-5017, Fax: 615-379-2541, evantreese@covermymeds.com

More information

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996

HIPAA RISKS & STRATEGIES. Health Insurance Portability and Accountability Act of 1996 HIPAA RISKS & STRATEGIES Health Insurance Portability and Accountability Act of 1996 REGULATORY BACKGROUND Health Information Portability and Accountability Act (HIPAA) was enacted on August 21, 1996 Title

More information

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation

Penalty. Conduct of covered entity or business associate. Did not know and, by exercising reasonable diligence, would not have known of the violation WHY YOU NEED TO COMPLY. HIPAA UPDATE 2014: WHY AND HOW YOU MUS T C OMPL Y 1 In January 2013, the Department of Health and Human Services ( HHS ) issued its longawaited Omnibus Rule 2 implementing regulations

More information

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)]

BUSINESS ASSOCIATES [45 CFR 164.502(e), 164.504(e), 164.532(d) and (e)] OR HIPAA Privacy BUSINESS ASSOIATES [45 FR 164.502(e), 164.504(e), 164.532(d) and (e)] Background By law, the HIPAA Privacy Rule applies only to covered entities health plans, health care clearinghouses,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the BAA ) is made and entered into as of the day of, 20, by and between Delta Dental of California (the Covered Entity ) and (the Business

More information

Model Business Associate Agreement

Model Business Associate Agreement Model Business Associate Agreement Instructions: The Texas Health Services Authority (THSA) has developed a model BAA for use between providers (Covered Entities) and HIEs (Business Associates). The model

More information

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates

Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates Legal Update February 11, 2013 Long-Expected Omnibus HIPAA Rule Implements Significant Privacy and Security Regulations for Entities and Business Associates On January 17, 2013, the Department of Health

More information

Business Associate Agreements and Similar Arrangements

Business Associate Agreements and Similar Arrangements Business Associate Agreements and Similar Arrangements As a covered entity under the HIPAA Privacy Rule, the Indian Health Service (IHS) is required to have a written contract with each of its business

More information

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS

Shipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009

More information

Data Breach, Electronic Health Records and Healthcare Reform

Data Breach, Electronic Health Records and Healthcare Reform Data Breach, Electronic Health Records and Healthcare Reform (This presentation is for informational purposes only and it is not intended, and should not be relied upon, as legal advice.) Overview of HIPAA

More information

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style.

Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style. Are You Still HIPAA Compliant? Staying Protected in the Wake of the Omnibus Final Rule Click to edit Master title style March 27, 2013 www.mcguirewoods.com Introductions Holly Carnell McGuireWoods LLP

More information

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know

Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Health Care Information Privacy The HIPAA Regulations What Has Changed and What You Need to Know Note: Information provided to NCRA by Melodi Gates, Associate with Patton Boggs, LLC Privacy and data protection

More information

HIPAA Compliance: Are you prepared for the new regulatory changes?

HIPAA Compliance: Are you prepared for the new regulatory changes? HIPAA Compliance: Are you prepared for the new regulatory changes? Baker Tilly CARIS Innovation, Inc. April 30, 2013 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed

More information