Business associates (BA) and covered entities want to know what they must do to comply with the new HIPAA laws in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Actually, they must know. The compliance deadline is February 18, 2010, but many questions linger.
During an HCPro July 29 audio conference, “Business Associates and Covered Entities: Adapt Contracts to Comply With New HIPAA Law,” attendees asked several questions, including:
The questions probably won’t stop any time soon. However, case-by-case scenarios aside, there is an overlying message to all parties affected by the new HIPAA laws.
“The first thing both the covered entities and the business associates should do is try to understand the new requirements and analyze the gaps between their existing policies, procedures and practices, and what they should be doing—both under HITECH and anything they’ve missed or avoided under HIPAA,” John R. Christiansen, lawyer at Christiansen IT Law in Seattle and chair of the newly formed HITECH Business Associates Task Force of the American Bar Association’s Health Law Section and the HITRUST Business Associates Working Group of the Health Information Trust Alliance said during the audio conference.
Chris Apgar, president of Portland, OR–based Apgar & Associates, LLC, also presented tips for compliance during the program.
The next step is to map out your expectations regarding contract revisions, as a last-minute approach will overwhelm each party.
“This could make for an unhappy holiday season and cancelled ski trips for folks in organizations which don’t start this process in the very near future,” Christiansen said.
After hearing the responses during and after the audio conference, Christiansen said some covered entities and BAs need to accept some basic denials, including: