The deadline is September 22, 2014 for group health plans to amend certain business associate agreements (“BAAs”) for compliance with amendments to the Health Insurance Portability and Accountability Act (“HIPAA”) Privacy, Security and Enforcement Rules (the “Changes”) that were issued by the Department of Health and Human Services (“HHS”). The Changes impact the requirements that BAAs must meet to be compliant with HIPAA Privacy and Security Rules. However, BAAs that qualified for a transition rule (i.e., generally those BAAs which (i) were entered into on or before January 25, 2013 and (ii) were not amended or renewed between March 26, 2013 and September 23, 2013), were deemed to comply with the Changes until the earlier of (i) the date the BAA was modified or renewed on or after September 23, 2013 or (ii) September 22, 2014. Consequently, any group health plan which qualified for this transition rule must amend such BAAs on or before September 22, 2014 in order to remain compliant with HIPAA.