HIPAA Privacy Reminders (article)
Business Associate Agreements. On January 25, 2013, comprehensive (omnibus) regulations relating to the HIPAA Administrative Simplification laws were issued (see the CBIZ At Issue, Highlights of Final HIPAA Privacy, Security and Breach Notification Rules, 2/28/13). These regulations clarified the breach notification rules, the standards relating to a covered entity’s notice of privacy practices, individual rights, use of genetic information, written authorization requirements, and the impact of the privacy and security rules on business associates and their subcontractors.
Of particular note, business associate agreements that were in place as of January 25, 2013 and have not been significantly modified since that date have until September 22, 2014 to be updated, in accordance with the omnibus regulations. Health plans that engage business associates should make certain their business associate agreements have, in fact, been updated. Generally, this applies to self-funded health plans that engage business associates, such as third party administrators (TPAs), premium administrators, accountants, attorneys, consultants, utilization review entities, and any other entity that engages in a function governed by HIPAA, or with access or use of protected health information (PHI). If the employer’s group health plan is insured and the insurer manages all plan functions, it is possible the employer has not, itself, engaged a business associate.
HIPAA Audits – Phase II. The HHS Office of Civil Rights continues to audit covered entities (health plans, health care clearinghouses and health care providers), as well as business associates in a random selection process to ensure compliance with the privacy, security and breach notification requirements of the law (see Pre-Audit Compliance Survey Initiative, Benefit Beat, 3/18/14).
The information contained in this article is provided as general guidance and may be affected by changes in law or regulation. This article is not intended to replace or substitute for accounting or other professional advice. Please consult a CBIZ professional. This information is provided as-is with no warranties of any kind. CBIZ shall not be liable for any damages whatsoever in connection with its use and assumes no obligation to inform the reader of any changes in laws or other factors that could affect the information contained herein.