Under the HIPAA Omnibus Rule, which will be enforced beginning in September, business associates and their subcontractors that receive, create, transmit or maintain protected health information are now directly responsible for HIPAA compliance.
But for many business associates, building a compliance plan in a hurry could prove challenging. Join us for this exclusive session, designed for covered entities, where you'll gain insights from an experienced HIPAA compliance attorney on:
How to determine what companies qualify as business associates under the latest definition;
Top priorities for working with business associates on HIPAA/HITECH Act compliance;
How to implement breach notification procedures with all partners.
In January 2013, the Department of Health and Human Services issued the HIPAA Omnibus Final Rule, significantly modifying privacy, security, enforcement and breach notification regulations. The first wave of information about the omnibus rule addressed the details of the rule changes. Now, however, it's time to focus on some of the practical, real-life issues that are cropping up in the march toward compliance.
One of the top concerns for covered entities and the ecosystem of vendors supporting them is the rule's new set of regulations covering business associates. Covered entities and business associates are now re-examining their agreements to see what changes are necessary. BAs are also rethinking the fundamentals of their service offerings, their business models and their marketing strategies as a result of these changes. It's not even clear to some vendors whether they are or they aren't "business associates."
In this session, you'll learn about real-life issues of working with business associates from an experienced HIPAA compliance attorney. Among the topicss he will cover are:
What is a "business associate" and how do you know if a vendor is one? Learn what the new rule says about the definition of a business associate. Find out about the factors that federal regulators are focusing on to distinguish between organizations that are and aren't business associates.
Why is "business associate" status a key issue? Learn why some vendors are trying to avoid business associate status and what you can do to negotiate with vendors to ensure compliance while not tanking your vendor deals. For instance, what can you do if you are sure a vendor is a business associate, but the vendor will not sign an agreement acknowledging business associate status?
How should you make changes to your business associate relationships? Gain expert insight on compliance challenges, including the key topics in business associate agreements in light of the omnibus rule and critical changes in relationships with business associates.
How should you work with business associates on breach notification? Learn about new changes in determining whether a reportable data breach occurred and new rules about how to report data breaches. Get advice on how to coordinate breach notification processes with vendors and their downstream subcontractors.
Premium Members Only
OnDemand access to this webinar is restricted to Premium Members.
Stephen Wu is a partner at Cooke Kobrick & Wu LLP. He is former chair of the American Bar Association Section of Science & Technology Law and co-chair of its Information Security Committee. He has written or co-authored five books on data security law, including "A Guide to HIPAA Security and the Law," and is writing a book on managing mobile devices in the enterprise.