The Department of Health and Human Services (HHS) has set a compliance deadline of September 23, 2013, for HIPAA-covered entities to meet essentially all aspects of the new HIPAA rules that were recently updated to implement the Health Information Technology for Economic and Clinical Health (HITECH) Act. Among the many necessary tasks are making changes to policies, privacy notices, training, and a covered entity’s practices such as implementation of individual privacy rights, breach reporting, security measures and business associate contracting. You can read more about these changes, increased enforcement and breach reporting in our past articles on HIPAA under Related Publications to the right. 

One of the highest priority items is updating business associate agreements (BAAs), because the distribution, negotiation and execution process can be time-consuming. Note that BAAs in place prior to January 25, 2013, may be updated either on the next modification or renewal, or prior to September 22, 2014, whichever is earlier. BAAs entered into after January 25 and going forward must be updated by September 23, 2013.