Business Associates versus Compliance

The way we are going there is only one loser in this equation; the Covered and law The Omnibus Rule deadline to have your Business Associate Agreements in place was September 22, 2014. In case you missed it under the HIPAA Omnibus rule, Business Associates (BA) and subcontractors that work with Covered Entities are now accountable for privacy and security of personal health information (PHI). Among the changes in the Omnibus Rule there were quite a few related to the Business Associates, their subcontractors and their responsibilities.  Due to these changes there was a need to create or modify all of the Business Associate Agreements. Many of the BA’s resent the changes and liabilities that the new BA Agreement represent and are refusing to sign and or become compliant with this part of the law.  The problem is that Covered Entities  facing stubborns BA’s are left with only two options: sign the agreement or terminate the relationship. Anything else will simply add more liability to the Covered Entity. The rule doesn’t stop with a signed contract as Covered Entities must also obtain assurances that Bas are also following the provisions of the rule which includes compliance with HIPAA Security and some of the HIPAA Privacy stipulations. Our advice in this case is simple and not a new one: “if you are going to play, learn and follow the rules.”