Covered entities that have signed new business associate agreements since Jan. 25, 2013, (when the HIPAA Omnibus Final Rule was published) had until Sept. 23, 2013, to amend those agreements so they comply with the new regulations.
The final rule broadens the definition of a business associate to include all entities that routinely require access to protected health information (PHI). It also dictates that any entity that contracts with one of your business associates and regularly deals with PHI on their behalf also will be regulated as a business associate.
Do any of your vendors come under the expanded definition of business associate? Is your notice of privacy practices up to date? Need to know more? Visit TMA's HIPAA Resource Center.
Updated Aug. 18, 2014
Action, Jan. 3, 2014