Do you have one or more "grandfathered" business associate agreements? Now is the time to review those agreements and send revised agreements or amendments that comply with the Final Rule to the appropriate business associate parties. Here is why.

In January 2013, the United States Department of Health and Human Services published its omnibus "Final Rule" in the Federal Register significantly modifying the HIPAA Privacy Rule and Security Rule to implement provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act passed by Congress in 2009. HIPAA covered entities, such as healthcare providers and health plans, and their business associates were required to comply with many provisions of the Final Rule by September 23, 2013. However, business associate agreements between covered entities and their business associates that were entered into prior to January 25, 2013; were in compliance with the HIPAA rules in effect prior to that date; and were not renewed or amended after March 26, 2013, were grandfathered and not required to comply with the Final Rule until September 23, 2014. Thus, as of September 23, 2014, all grandfathered HIPAA business associate agreements must be updated to comply with the Final Rule.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.