Updated HIPAA Rules Affect Business Associates

The Department of Health & Human Services (HHS) recently updated the Health Insurance Portability & Accountability Act of 1996 (HIPAA). These changes are contained in the Health Information Technology for Economic and Clinical Health (HITECH) Act, which took effect on February 17, 2010, and affect all “business associates.” HHS began enforcing the rules on February 22.

Under HIPAA, a “business associate” is a person or entity that performs functions or provides services that involve the use or disclosure of patients’ individually identifiable personal health information (PHI) on behalf of a covered entity (which may include employers who offer self-insured health plans to their employees). Business associates may include entities providing billing services, claims processing, practice management, benefit management, utilization review, or quality assurance reviews. Other entities that are less obvious but could also be deemed business associates include attorneys, accountants, consultants, paper destruction and recycling companies, medical coders or transcriptionists, software & information systems vendors, and temporary workers. Under the updated rules, businesses are now directly subject to HIPAA’s requirements to keep PHI private and secure from breach. Failure to comply may subject businesses to civil and criminal penalties.

If you are a covered provider, you should have sent out revised Business Associate Agreements to all of your business associates by now. If you are a business associate to a covered provider, you likely have received, or will receive shortly, a revised agreement. You should pay particular attention to the Business Associate Agreement requirements for establishing policies and procedures that should include establishing safeguards and employee training to protect PHI and to reduce the risks of a security breach. The agreement should also contain the requirement for a business associate to provide prompt notice to a covered entity in the event a security breach is discovered, and may also include broad indemnification provisions requiring the business associate to pay for all costs associated with any such breach.

If you have any questions concerning the HITECH Act rules or Business Associate Agreements, please contact us.