Tuesday, September 09, 2014 Business Associate Agreements Must Be Updated by September 22 September 22 is the deadline for meeting new HIPAA rules on some types of business associate agreements, and APTA is reminding members to make sure they're compliant. The HIPAA Omnibus final rule that was published in January 2013 requires that all business associate agreements entered into before January 25, 2013, be updated. A template of the HIPAA-compliant business associate agreement can be found at the US Department of Health and Human Services (HHS) website and on APTA’s HIPAA Resource webpage under the “Model Business Associate Contract Language” link. HIPAA requires covered business entities and associates to enter into agreements that outline the provisions necessary to safeguard protected health information. The rule defines a “business associate” as “a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information.” A subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate may also be a “business associate.” Although HHS provides a business associate agreement template, it’s wise to tailor the template to your business relationship(s). It’s also wise to consult with an experienced health law attorney in your state when entering into or revising agreements so that the agreement is in compliance with all applicable federal and state laws.