Covered entities that have signed new business associate agreements since Jan. 25 (when the HIPAA Omnibus Final Rule was published) have until Sept. 23 to amend the agreements so they comply with the new regulations.
The final rule broadens the definition of a business associate to include all entities that routinely require access to protected health information (PHI). It also dictates that any entity that contracts with one of your business associates and regularly deals with PHI on their behalf also will be regulated as a business associate.
Do any of your vendors come under the expanded definition of business associate? Is your notice of privacy practices up to date? Find out how to protect your practice. Go to the TMA HIPAA Resource Center for answers.
Action, Aug. 1, 2013