HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

HIPAA enforcement: Business Associate Agreement rulemaking needed first – time to plan ahead

February 22, 2010

After learning of comments on HIPAA enforcement made by a member of the HHS OCR legal staff at an ABA meeting on health care issues, I contacted him directly.  Adam Greene confirmed that HITECH Act changes to HIPAA rules regarding business associate agreements will be implemented through standard notice and comment rulemaking, noting that this has been OCR's public take on the issue.  Thus, a notice of proposed rulemaking will be published "shortly," followed by promulgation of a final rule after a comment period.  Even thought the statute calls for the BAA provisions to be effective this month, they clearly will not be.  The breach notification and penalty provisions are already the subject of an interim final rule, so they are in effect. 

As I wrote several months ago,

"business associates" under HIPAA are now required to implement policies and procedures to maintain privacy and security of PHI, parallel to those that have been required of "covered entities" under HIPAA since the beginning. All business associate agreements and notice of privacy practices (NPPs) will have to be updated to account for the new requirements before February. Health care providers that wish to distinguish themselves should consider revising their NPPs to highlight the ease with which they will make copies of records available to patients. This is a bone of contention for many patients, and ensuring that patients' rights to their records are easily exercised could be a way to build goodwill among patients and potential patients.

Thanks to Bob Coffield for pointing to the post on the ABA meeting and raising the question.

I urge all covered entitites and business associates to take heed of these new requirements and begin planning now for implementation of the soon-to-be-released regulations.  Don't sit back and end up being made an example of by OCR (e.g., with a million-dollar fine) or by a state attorney general.  Contact the HealthBlawger now.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Health care policy, Health Law, HIPAA, Hospitals, Physicians, Privacy

you might also like:

  1. First lawsuit filed against a Business Associate under HIPAA / HITECH

  2. Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?

  3. ONC announces HITECH amendments to HIPAA privacy, security and enforcement rules

« Massachusetts Health Reform: Is Back-to-the-Future Rate Regulation the Way to Lead the Nation Right Now?
White House Health Care Summit: Watch it Live »

Follow me on Twitter

David Harlow 💉😷 Follow 42,915 17,570

Mastodon @healthblawg@c.im #HealthCare #MedDevice #Compliance #Privacy @MyOmnipod #HIPAA #digitalhealth #HarlowOnHC #pinksocks Tweets are tweets No more no less

healthblawg
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
2h 1620898131004072027

The Harlow #Healthcare #Innovation Daily #digitalhealth #hcldr #HarlowOnHC Thanks to @Mr_Don_Auto @KardonHIPAA @vadernauts #digitalhealth #healthtech

Image for twitter card

'She handed the police my entire prescription list': Customer claims CVS called the police on him, violated HIPAA

dailydot.com A TikToker revealed a CVS Pharmacy pharmacist called him “insane” and reported him to police ...

paper.li

Reply on Twitter 1620898131004072027 Retweet on Twitter 1620898131004072027 0 Like on Twitter 1620898131004072027 0 Twitter 1620898131004072027
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
6h 1620842034113175552

ICYMI> Interoperability and NLP with Kyle Silvestro, CEO of SyTrue — Harlow On Healthcare https://healthblawg.com/2022/03/interoperability-nlp-sytrue.html?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost #digitalhealth #hcldr #hitsm

Image for the Tweet beginning: ICYMI>  Interoperability and NLP Twitter feed image.
Reply on Twitter 1620842034113175552 Retweet on Twitter 1620842034113175552 0 Like on Twitter 1620842034113175552 0 Twitter 1620842034113175552
healthblawg avatar; David Harlow 💉😷 @healthblawg ·
8h 1620801819612946434

The latest Harlow On Health Care Daily #HarlowOnHC #digitalhealth #healthcare #innovation #privacy #hcldr Thx: @TWDigitalHealth @MrsYisWhy @thecommunityvc #digitalhealth #healthtech

Image for twitter card

Artificial intelligence model finds potential drug molecules a thousand times faster

techxplore.com The entirety of the known universe is teeming with an infinite number of molecules. But what fraction...

paper.li

Reply on Twitter 1620801819612946434 Retweet on Twitter 1620801819612946434 0 Like on Twitter 1620801819612946434 0 Twitter 1620801819612946434
Load More
Follow me on Mastodon

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]