January 25, 2013, the Office for Civil Rights (OCR) published an updated sample Business Associate Agreement (BAA). The sample agreement reflects changes made to HIPAA Privacy, Security, and Enforcement in the Omnibus rule that was announced on January 17, 2013 and published in the Federal Register on January 25, 2013.
The OCR provides an introduction which includes the new definition of a “business associate” and includes a list of the components that MUST be included in a contract between a covered entity (CE) and business associate (BA). The sample contract language may also be adapted for the purposes of a contract between a BA and a subcontractor that the BA uses.
The document published by the OCR is not required for compliance with HIPAA contract provisions however, it is a tool that may be used by CEs and BAs to more easily comply with the business associate contract requirements.
The sample BAA may be found at the following location: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html.
The final rule published in the Federal Register may be viewed at http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf.
HC Healthcare Consulting staff includes CPAs, certified coders and consultants Certified in Healthcare Compliance that are available to provide expert assistance with HIPAA Privacy and Security implementation efforts in addition to your ongoing compliance needs.
DISCLAIMER: This post contains only summary information and highlights; it should be read in conjunction with the full article or document provided as a link. Any advice or recommendations given is general and specific questions should be directed to professional counsel.
