January 30, 2013
Authored by: Chris Rylands and Serena Yee
We’ve already explored the changes from the new HIPAA/HITECH omnibus final rule in detail in our client alert. However, we wanted to highlight a few important provisions (and one perhaps not as important) of the rule and provide some additional commentary.
First, as noted in the alert, business associate agreements generally do not need to be amended for the final rules until September 23, 2014. However, if the agreement is renewed or extended (other than as part of an evergreen renewing contract), it must be amended at that time. The key condition, however, is that the agreement must have been in place by January 25, 2013 (the date the regulations were published in the Federal Register). If it was not, then the deadline is a full year earlier, or September 23, 2013. HHS recently posted some sample business associate contract language on its website here.