HIPAA Business Associate Agreement update available

Posted On: 8/7/2013

Does your hospital still need to update its Business Associate Agreements to comply with recent HITECH rules?

Effective Sept. 23, covered entities must comply with the revisions to HIPAA made by the Health Information Technology for Economic and Clinical Health Act (“HITECH’). Some of the key changes include:

  • Expand the scope and impact of the Privacy and Security Rules on business associates.   
  • Revision of the breach notification harm threshold.
  • Revise individual rights by:
    • Allowing patients to ask for a copy of their electronic medical record in an electronic form.
    • Giving individuals who pay by cash authority to instruct their provider not to share information about their treatment with their health plan.
    • Setting new limits on how information is used and disclosed for marketing and fundraising purposes.
    • Prohibiting the sale of an individuals’ health information without their permission.
By Sept. 23, covered entities are to do the following:
  1. Revise and distribute the Notice of Privacy Practices.
  2. Revise policies and procedures.
  3. Update business associate agreements.
  4. Train workforce members.
OHA can provide member hospitals with a new Business Associate Agreement prototype, developed by Crowe & Dunlevy, which incorporates this year’s rule revisions. To receive a free copy, contact Mia Johnston at OHA. Crowe & Dunlevy also has a complete HIPAA template policy available for organizations that need assistance updating their policies for the new requirements.  (Rick Snyder)