New HIPAA compliance date approaches

Covered entities that have signed new business associate agreements since Jan. 25—when the HIPAA Omnibus Final Rule was published—have until Sept. 23 to amend the agreements so they comply with the new regulations.

The final rule broadens the definition of a business associate to include all entities that routinely require access to protected health information, or PHI. It also dictates that any entity that contracts with one of your business associates and regularly deals with PHI on their behalf also will be regulated as a business associate.

The American Medical Association produced a toolkit to provide physicians guidance in reviewing and updating their HIPAA policies. In addition to some simple instructions and a set of frequently asked questions, the toolkit includes templates for the new privacy notices and agreements with business associates that handle patient information. The resource is free to all physicians on the AMA website, www.ama-assn.org/go/hipaa.

For TAFP’s health information technology resources, go to www.tafp.org/practice-resources/technology.