Please contact Jerri Lynn Ward for more information.
Posted May 20, 2002
Several contracts are required under the new Privacy and Security regulations of HIPAA, but the one most talked about is the Business Associate Agreement. Before you begin making changes to any of the contracts that you have to account for the new privacy rules, we suggest accounting for all of the ones you currently have in place. To aid you in this process we have developed a simple checklist, which can be found at the end of this newsflash.
Before drafting any of these contracts it is important to do a full assessment of all the agreements you currently have and those you have had in the recent past. Be sure you look at ALL agreements, both oral and written. After you have a list of all of the people/organizations with whom you have agreements, you should create an inventory of them and establish a system to identify more “unknown” agreements that may exist.
Next, begin an analysis of the identified agreements to determine which ones need to be changed to account for the new privacy regulations. Some may not need any changes at all if the business associate will not obtain any protected information, for example food services or laundry. Take this time to streamline and pare down all contracts. You may want to consider hiring a lawyer to ensure that the contracts meet all of HIPAA’s requirements. Generally, a lawyer who has a healthcare regulatory practice will be better skilled at this analysis than a general practitioner due to the complexity of the regulations.
The Business Associate Agreement is the contract most think of relating to the HIPAA Privacy Regulations. This contract protects Individually Identifiable Health Information (IIHI) and Protected Health Information (PHI) and requires that Business Associates adhere to the Privacy Practices guidelines. Remember that if you are a covered entity your business associates can hold you responsible for privacy breaches! Do your best to make sure that they are “airtight.” A covered entity must have a Business Associate Agreement with any person or organization that regularly uses or sees IIHI while performing a service for your organization. Business Associate Agreements must:
– authorize contract termination for privacy violations,
– establish exactly how business associate is allowed and/or required to use the protected information,
– address how the protected information will be destroyed, and
– require reporting of improper uses and disclosures of the protected information.
The privacy regulations discuss other requirements for business associate contracts. Take a look at them before making any changes or additions to your current agreements.
While these contracts will contain many similar provisions, each will be different. If you are confused, or need any help, call an expert. That’s what we’re here for!
Click here for our HIPAA Business Associate Agreement Checklist in PDF format..
Click here to download Adobe Acrobat Reader, a free program that allows you to view PDF documents.
All information in this article is informational only and is not legal advice. Should you have any questions or a situation requiring advice, please contact an attorney.
Copyright 2004 by Garlo Ward, P.C., all rights reserved
Austin, Texas 78752-3714 USA
Telephone: 512-302-1103
Facsimilie: 512-302-3256
Email: Info@Garloward.com