Alert: September 22nd is the Deadline for Getting Updated HIPAA Business Associate Agreements

Published: September 10th, 2014

HIPAA Omnibus went into effect a year ago and it introduced many new rules that require HIPAA Covered Entities and Business Associates to enter into new/revised Business Associate Agreements (BAAs) with each other, agreements that properly reference Omnibus and its requirements.

All BAAs entered into before January 25, 2013 were temporarily grandfathered in and you have until September 22nd, 2014 to enter into a revised contract. Agreements entered into after January 25th, 2013 must already be compliant.

This is a significant reminder and warning. Please check the date on all of your HIPAA BAAs and make sure that they are updated.

So What? Is this a “Big Deal?”

It really is. Any relationship between a HIPAA Covered Entity and a Business Associate (or between Business Associates) that is not covered by a fully executed and compliant BAA is a HIPAA reportable data breach because, without the BAA, there is no right to transmit ePHI and the Business Associate has no right to receive ePHI.

If any other kind of reportable breach occurs and you do not have a fully executed and compliant BAA, then you will be subject to the largest possible fines, as this will be automatically considered “Willful Neglect” of HIPAA.

LuxSci HIPAA customers with old grandfathered-in BAAs, who have not yet updated, are going to be contacted individually with a request to update the BAA. If they do not, we may be forced to temporarily suspend their accounts after September 22nd, to prevent a reportable data breach.

LuxSci HIPAA customers can get a signed BAA by going to: https://luxsci.com/extranet/hipaa-baa-standard.html
