BAA Changes?


I know it's been posted here, but I cannot find it...For 2013, what are the changes that need to be made to our BAAs?

thanks! :)

The 2013 HITECH Final Rules went into effect March 26, 2013 The changes include the breach notification requirements/rules, the compliance date is September 23, 2013   Some businesses can qualify for transition relief which I think gives them a year from 9/23/2013.     www.hhs.gov   Look under HITECH

If you are a subscriber of PMRNC we have had the new amended sample BAA's up in our forms area and HIPAA/HITECH area as well.

thanks Linda!

I am studying my BAA alongside the one on the hhs site. So far, mine looks pretty similar....do you know if we need to spell out the breach notification requirements in the BAA? Like if this many files were breached, we need to do_______, if that many files were breached we need to ____________....

Under breach notification it is optional to add:

[The parties may wish to add additional specificity regarding the breach notification obligations of the business associate, such as a stricter time frame for the business associate to report a potential breach to the covered entity and/or whether the business associate will handle breach notifications to individuals, the HHS Office for Civil Rights (OCR), and potentially the media, on behalf of the covered entity.]

I outlined mine. and included specific information regarding notifications (procedures) Specific time frames are in my compliance plan.

super! you are so helpful LInda!  thanks!


[0] Message Index

Go to full version