In addition to redefining business associates (BAs) and including subcontractors in the scope of liability, the final HIPAA omnibus rule has prompted the release of a new sample business associate agreement by the Dept. of Health and Human Services (HHS).
What does this mean for covered entities and business associates alike? Depending on where you are in the compliance process, it’s time to either update or draft a new contract and re-sign with your current vendors. Or, it could be time to search for a new hosting provider if your current HIPAA hosting provider isn’t able to sign a business associate agreement or meet HIPAA compliance.
According to the HHS, the contractual terms listed in the business associate agreement must include:
Require BAs to:
Review the sample business associate agreement provided by the HHS here.
For those that haven’t started on the road to compliance yet, you may be wondering where exactly to start. As I wrote about last February in Business Associates Must Be HIPAA Compliant By March 2012, this may help you figure out how to be HIPAA compliant:
If you want to learn more about how the final HIPAA omnibus rules affect business associates, covered entities and subcontractors, watch a recently recorded webinar with Attorney Brian Balow of Dickinson Wright, No More Excuses: HHS Releases Tough Final HIPAA Privacy and Security Rules.