Changes in Legislation require Business Associate Agreement
On February 17, 2009, President Obama signed into law the American Recovery and Reinvestment Act of 2009 (“ARRA”). The Health Information and Technology for Economic and Clinical Health Act (“HITECH”) provisions of ARRA in Title XIII include important changes related to business associates. Furthermore, ARRA contains provisions related to the privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). As an example, absent any contractual obligations to the contrary, one of these changes require business associates to report breaches involving unsecured protected health information to the applicable covered entity within 60 days of discovering the breach. This change, as well as many others, is currently scheduled to become effective on February 17, 2010.
As a result of these changes and absent any changes to the regulations prior to February 17, 2010, Pershing Yoakley & Associates, PC (“PYA”) recommends the execution of an amended Business Associate Agreement (“BAA”). As such, and although we may have executed a BAA with you in the past, you may be receiving correspondence in the coming weeks containing an amended BAA.
If your organization has an updated BAA which you would prefer to utilize, please forward it to us as directed in our forthcoming correspondence.
This correspondence does not imply a contractual obligation. Should you have questions please feel free to contact the expert listed below at (800) 270-9629.
