TDHHS Proposed HIPAA Revisions Target Business Associates

HIPAA Business Associates – entities that access patient information to carry out services for health care providers and plans such as legal, utilization review, certain insurance coverage programs and Information Systems support – are well advised to study the Notice of Proposed Rule Making (“NPRM”) filed by the U.S. Department of Health and Human Services on July 8, 2010. While the NPRM purports to merely codify the changes to the Privacy and Security Rules brought about by the HITECH Act, it emphasizes the need for Business Associates to obtain written assurances from those to whom they send Protected Health Information, including consultants and litigation expert witnesses, that the recipients of the information will implement safeguards for the patient information consistent with the requirements of HIPAA. AS Business Associates are now covered by a substantial portion of the Privacy and Security Rules, and thus are under the enforcement jurisdiction of DHHS, this “written assurances” requirement (called a “Memorandum Letter of Understanding” in previous DHHS Guidance documents), takes on the import of a HIPAA mandate. We will continue to monitor DHHS and CMS for additional Guidance and Commentary.

TDHHS Proposed HIPAA Revisions Target Business Associates

TDHHS Proposed HIPAA Revisions Target Business Associates

Health Care and HIPAA Compliance

Health Care Compliance