Changes to the HIPAA Privacy Rule released in January 2013 as part of the Omnibus Final Rule require all plan sponsors to enter into agreements with their business associates who have access to protected health information of their group health plan. These agreements must be in place by September 23, 2013.
The business associate agreement outlines protections in place with respect to personal health information held by the business associate. It also addresses compliance requirements outlined in the privacy rule. Finally, it clarifies that the business associate will report to the covered entity any discovered breaches of PHI in violation of HIPAA.
BAS understands the importance of compliance with all applicable rules, including HIPAA. Toward that end, BAS has proactively taken steps to make sure its clients' group health plans have a business associate agreement in place with BAS to address HIPAA Privacy and Security Requirements. BAS has sent all employers a business associate agreement for their plan records. If you are a client of BAS but have not received an agreement, please contact your account manager.
