Business Associate Obligations and Agreements: Aftermath of the HIPAA Omnibus Rule
1 hour 30 minutes
Understand how to implement a proper business associate agreement (BAA) and the obligations and responsibilities under HIPAA since the Omnibus Rule.
Nearly a decade ago, the Department of Health and Human Services (HHS) issued a final rule to implement some of the statutory amendments to the Health Insurance Portability and Accountability Act of 1996 and its accompanying regulations (collectively, HIPAA). This final rule known as the ‘omnibus final rule’ took effect in March of 2013, and among other things clarified the direct liability that business associates have under HIPAA. There still is some confusion over who are and who are not considered to be business associates under HIPAA.
Business associates are a wide and broad group of vendors, service providers and others who perform services by and on behalf of entities covered by HIPAA directly (‘covered entities’ in HIPAA refers to health care providers, health plans and health care clearinghouses) and in so doing must use or disclose patients’ nonpublic individually identifiable health information. When the omnibus rule took effect, HHS estimated that as many as half a million separate entities were business associates and would be affected by the omnibus rule – before giving consideration to any other or further vendors or service providers doing work for those business associates. Come prepared to explore what has happened in the nearly ten years since the omnibus final rule took effect.
• You will be able to review key provisions to assure they are up to date when reviewing and updating business associate agreements.
• You will be able to discuss how to inventory all of the businesses or entities to verify who all business associates are.
• You will be able to describe what you should require your business associates to do to remain compliant with HIPAA.
• You will be able to identify what a business associate’s responsibility under HIPAA is for assuring those subcontractors are HIPAA compliant.