Reassess BAAs to ensure omnibus rule compliance
HIM-HIPAA Insider, September 8, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
The September 23, 2014 deadline to revise business associate agreements (BAA) may have seemed like a date far into the future when the HIPAA omnibus final rule was released January 25, 2013. However, this compliance date is just around the corner as we continue to move along the road toward establishing and maintain compliance with the HIPAA privacy and security rules.
This date in September is notable because many organizations—both covered entities (CE) and business associates (BA)—find themselves dealing with the need to update or revise their BAAs. CEs were allowed to use existing BAAs for an additional year following the September 23, 2013 omnibus rule compliance date. Essentially, this meant that BAAs in place prior to January 25, 2013, which were not going to expire prior to September 23, 2013, could continue to be used until September 23, 2014. This gave BAs and CEs 18 months to determine what changes were needed to comply with the omnibus rule and then update or revise their BAAs accordingly. Despite the window of opportunity to address the issue of updating BAAs, it seems from my perspective that the majority of activity related to this task began occurring about a month or so before September 23, 2014.
HHS posted a sample BAA on its website January 25, 2013. In the second paragraph of the introduction, HHS lists 10 items that must be included in the written contract between a CE and its BA. Even though CEs and BAs may have recently updated their BAA in time for the compliance date, I believe it is worth the time to review these updated agreements and ensure they include the requirements identified in the HIPAA omnibus final rule.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Practice the six rights of medication administration
- Joint Commission Urges Hospitals to Protect Workers from Abuse
- Note similarities and differences between HCPCS, CPT® codes
- Differentiate between types of wound debridement
- Don’t forget the three checks in medication administration
- CMS and Joint Commission clarify door-closing devices standards
- OB services: Coding inside and outside of the package
- Avoid Eyewash-Related Regulatory Compliance Issues
- Maryland health system locked out of network by ransomware
- Complications from immobility by body system
- E-mailed
-
- Joint Commission creates new Sentinel Event Alert for violence against healthcare workers
- Joint Commission now allows partially-used oxygen canisters in 'full' rack
- OB services: Coding inside and outside of the package
- CMS and Joint Commission clarify door-closing devices standards
- Differentiate between types of wound debridement
- Injections and infusions continue to confuse coders
- Joint Commission Urges Hospitals to Protect Workers from Abuse
- Reimbursement for Facility and Professional Services in a Provider-Based Department by Gina M. Reese, Esq., RN
- Report codes 43235, 91035 for gastrointestinal endoscopy
- The Hospital Guide to Contemporary Utilization Review
- Searched