The HIPAA Final Omnibus Rules as published January 15, 2013 addressed additional requirements for Business Associates. The Final Rule adopts modifications to the Business Associate Agreement, including additional requirements for contractors of Business Associates (“BAs”), requirements to comply with the Security Rule with respect to ePHI, and requirements to comply with the Privacy Rules.

Under the new rules the “satisfactory assurances” of a Business Associate’s compliance with HIPAA regulations, as contained in their BA Agreement, is no longer sufficient to achieve HIPAA compliance. Going beyond the obligatory signing of the BA Agreement, you have a requirement to conduct a new level of due diligence to manage your risk.

Carosh will review all entities working with you to determine which ones are Business Associates and therefore require updated Business Associate Agreements. We will also assess each Business Associate to assure their compliance with HIPAA regulations. Carosh will review and update the standard BA agreement and define a phase-in schedule to bring all BAs and BA agreements into compliance with the Final Omnibus Rules.