Alert: September 22nd is the Deadline for Getting Updated HIPAA Business Associate Agreements
HIPAA Omnibus went into effect a year ago, and it introduced many new rules that require HIPAA Covered Entities and Business Associates to enter into new or revised Business Associate Agreements (BAAs) with each other: agreements that properly reference Omnibus and its requirements.
All BAAs entered into before January 25, 2013 were temporarily grandfathered in and you have until September 22nd, 2014 to enter into a revised contract. Agreements entered into after January 25th, 2013 must already be compliant.
This is a significant reminder and warning. Please check the date on all of your HIPAA BAAs and make sure that they are updated.
So What? Is this a “Big Deal?”
It really is. Any relationship between a HIPAA Covered Entity and a Business Associate (or between Business Associates) that is not covered by a fully executed and compliant BAA is a HIPAA reportable data breach because, without the BAA, there is no right to transmit ePHI and the Business Associate has no right to receive ePHI.
If any other kind of reportable breach occurs and you do not have a fully executed and compliant BAA, then you will be subject to the largest possible fines, as this will be automatically considered “Willful Neglect” of HIPAA.
LuxSci HIPAA customers with old grandfathered-in BAAs, who have not yet updated, are going to be contacted individually with a request to update the BAA. If they do not, we may be forced to temporarily suspend their accounts after September 22nd, to prevent a reportable data breach.
LuxSci HIPAA customers can get a signed BAA by going to: https://luxsci.com/extranet/hipaa-baa-standard.html