Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

Size: px
Start display at page:

Download "Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates"

Transcription

1 Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates November 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP Nancy E. Bonifant Associate Reed Smith LLP

2 Agenda Compliance Dates HIPAA Enforcement Breach Notification Rule Marketing Communications Sale of Protected Health Information Business Associate Compliance Individual Rights 2

3 Key Dates for Compliance Final Rule published January 25, 2013 Effective Date March 26, 2013 Breach Notification Rule enforced under Interim Final Rule until General Compliance Date General Compliance Date September 23, 2013 Exceptions: Business Associate Agreements Exceptions: Prescription Refill Reminders 3

4 Key Dates for Compliance (cont.) Enforcement Rule: March 26, 2013 Business Associate Agreements Grandfather period - through Sept. 22, 2014 unless BAA is modified or renewed New BAAs executed (or those modified/renewed) must meet Final Rule requirements by Sept. 23, 2013 Prescription Refill Reminders Grandfather period - through Sept. 23, 2014 if patient already enrolled in program, provided that patient has not opted out and the prescription has not been renewed 4

5 HIPAA Enforcement Global Considerations Say Goodbye to Voluntary Compliance! Security Rule Risk Assessment is a key component to successfully surviving an OCR investigation/inquiry This is reflected through direct statements and enforcement trends Final Rule mostly imports earlier changes from 2009 Interim Enforcement Final Rule and the 2010 HITECH Proposed Rule 5

6 HIPAA Enforcement (cont.) HITECH Enforcement CMP Levels Violation Category Each Violation All Identical Violations per Calendar Year Did Not Know $100 - $50,000 Reasonable Cause $1,000 - $50,000 Willful Neglect Corrected Willful Neglect Not Corrected $10,000 - $50,000 $1.5 million $1.5 million $1.5 million $50,000 $1.5 million 6

7 HIPAA Enforcement (cont.) For Violations due to Willful Neglect Investigation or compliance review will always be triggered whenever OCR s preliminary review indicates possible violation because of willful neglect OCR may now proceed immediately to penalties (no longer must try to first resolve noncompliance through informal means) Business associates now directly liable for CMPs 7

8 HIPAA Enforcement (cont.) Agency Relationships Covered entities now liable for the acts of their business associate agents Business associates liable for acts of their subcontractor agents OCR: Key consideration is control Affirmative Defenses Old Rule: No CMP where a violation is criminally punishable New Rule No CMP where a violation is criminally punished 8

9 HIPAA Enforcement (cont.) OCR (maybe) has less discretion in determining CMP amount Based on nature and extent of the violation and extent of the harm resulting from the violation OCR Guidelines for calculating CMPs Number of violations = number of individuals affected Number of violations = number of days safeguard not in place $1.5 million limit for identical violations in a calendar year applies to the legal entity constituting the covered entity Important when various business units within a covered entity suffer enforcement for identical violations Enforcement Perspective of OCR (relating to breaches) The government appreciates that loss and theft will occur Ultimately, when it does occur, OCR will focus on what was done preventively to best protect the involved PHI Does a covered entity/business associate have a good (and documented) reason as to why encryption was not used? 9

10 Breach Notification Rule History 2009 HITECH Act 2009 Interim Final Rule HITECH Final Rule Bulk of the Breach Notification rule has been left unchanged Notification of breach of unsecured PHI Media notice requirements (500+ individuals) Notice to OCR (including annual notice for less than 500 individuals) Content requirements of notice Timing of notice to individuals (without unreasonable delay but in no event later than 60 days after discovery) 10

11 Breach Notification Rule (cont.) Significant Change Definition of Breach HITECH Act definition Acquisition, access, use, or disclosure of PHI in a manner not permitted by the Privacy Rule that compromises the privacy or security of PHI Interim Final Breach Notification Rule Further defined compromise Risk of harm analysis (financial, reputational, other harm) OCR (and industry) have noted challenges in applying this standard HITECH Final Rule Impermissible access, use, or disclosure under the Privacy Rule now presumed to be a breach unless it can be demonstrated that there is a low probability that the PHI has been compromised 11

12 Breach Notification Rule (cont.) Determination that there is a low probability that PHI has been compromised OCR provides four factors that must be weighed in making this determination 1. Nature and extent of the PHI involved (including the types of identifiers involved), and likelihood of re-identification Risk of Harm component? Not really consider the likelihood of re-identification based on PHI involved and the identity of recipient 2. The unauthorized person who used the PHI or to whom the disclosure was made 3. Whether the PHI was actually acquired or viewed 4. The extent to which the risk to the PHI has been mitigated Satisfactory assurances Additional OCR guidance to be published timing is unclear 12

13 Breach Notification Rule (cont.) Important Clarifications and Emphasis in Final Rule Limited Data Set exception removed Trigger for annual notification is date of discovery (not date of incident) Important for incidents that occur (but are not discovered) at the end of a calendar year Media notice does not require covered entities to buy ad space Notification time period is not within 60 days of discovery This is absolute latest a notification may be deemed compliant 13

14 Marketing Communications Former Privacy Rule To make a communication about a product or service that encourages recipients of the communication to purchase or use the product or service Treatment and certain health care operations communications excluded Final Rule Eliminates exceptions for financially remunerated treatment and health care operations communications Prior authorizations required when a covered entity receives financial remuneration in exchange for making a treatment communication 14

15 Marketing Communications (cont.) Financial Remuneration Defined as monetary direct or indirect payments from the third party whose product or service is being described Notably, financial remuneration does not include in-kind benefits Financial Remuneration and Business Associates If a business associate (or subcontractor) receives financial remuneration from a third party in exchange for making a communication about a product or service, that communication is marketing and requires an authorization 15

16 Marketing Communications (cont.) Two Critical Questions: 1. Is the covered entity or business associate receiving financial remuneration? 2. Is the covered entity or business associate receiving the financial remuneration for the purpose of making the communication? 16

17 Marketing Communications (cont.) Scope of Authorizations Need not be limited to communications describing a single product or service or services of a single third party A single authorization may apply to subsidized communications generally Exceptions to Authorization Requirement Remain Face-to-face communications Promotional gifts of nominal value 17

18 Marketing Communications Prescription Refill Reminder Exception Financially remunerated prescription refill reminders remain excluded if financial remuneration limited to reasonable costs of making the communication Recent Guidance from OCR Two-and-a-Half Critical Questions: 1. Is the communication about a currently prescribed drug or biologic? 2. Does the communication involve financial remuneration, and if so, is it reasonable? 18

19 Marketing Communications Prescription Refill Reminder Exception (cont.) Is the communication about a currently prescribed drug or biologic? Within Exception: Refill reminders about a drug or biologic that is currently being prescribed Communications regarding generic equivalents Communications about a recently lapsed prescription (i.e., within past 90 calendar days) Adherence communications For individuals who are prescribed a self-administered drug or biologic, communications regarding all aspects of a drug delivery system Not Within Exception: Communications about specific new formulations of a currently prescribed medicine Communications about specific adjunctive drugs related to the currently prescribed medicine Communications encouraging an individual to switch from a prescribed medicine to an alternative 19

20 Marketing Communications Prescription Refill Reminder Exception (cont.) Does the communication involve financial remuneration, and if so, is it reasonable? Within Exception: No financial remuneration involved Only non-financial or in-kind remuneration, such as supplies, computers, or other materials Only payments from a party whose product is not being described (and not on behalf of the party whose product is being described) Financial remuneration covers only the reasonable direct and indirect costs related to the refill reminder (i.e., labor, materials, and supplies, as well as capital and overhead costs) Involves payment to business associate assisting the covered entity, which is limited to the FMV of the business associate s services Not Within Exception: Involved financial remuneration not described above 20

21 Sale of Protected Health Information Sale of PHI Defined The disclosure of PHI by a covered entity (or business associate, if applicable) where the covered entity directly or indirectly receives remuneration from or on behalf of the recipient of the PHI in exchange for the PHI Financial Remuneration Unlike marketing communications, remuneration includes financial payments as well as nonfinancial, in-kind benefits In Exchange For PHI Covered entity primarily being compensated to supply PHI Excludes remuneration in the form of grants and contracts to perform programs or activities that also involve the disclosure of PHI 21

22 Sale of Protected Health Information (cont.) General Prohibition: Sale of PHI is prohibited in the absence of an authorization that states the disclosure of PHI will result in remuneration to the covered entity Notable Exceptions - Regardless of the Amount of Remuneration: For public health purposes For treatment and payment purposes For the sale, transfer, merger or consolidation of all or part of the covered entity and for related due diligence As required by law 22

23 Sale of Protected Health Information (cont.) Notable Exceptions With Limits On Remuneration: For research purposes (provided the remuneration is limited to the covered entity s reasonable cost to prepare and transmit the PHI) To the individual to provide him/her with access to PHI or an accounting of disclosures (remuneration limited to permissible charges under Privacy Rule) To or by a business associate for activities that the business associate undertakes on behalf of a covered entity, or on behalf of a business associate in the case of a subcontractor (remuneration must be for the actual performance of activities) For any other purpose permitted by or in accordance with the Privacy Rule (limited to a reasonable cost-based fee) 23

24 Business Associate Compliance Definition of Business Associate Expanded Health Information Organizations E-Prescribing Gateways Patient Safety Organizations Cloud Providers Business associate subcontractors Requires delegation of a function, activity, or service that involve the creation, receipt, maintenance, or transmission of PHI All the way down the chain 24

25 Business Associate Compliance (cont.) Direct Liability: Security Rule September 23, 2013: Business associates are directly liable for a failure to comply with the requirements of the Security Rule Direct Liability: Impermissible Uses and Disclosures of PHI and Business Associate Agreements Business associate s Privacy Rule obligations are tied to the uses and disclosures permitted and prohibited in the BAA But, a business associate s liability exposure is not tied to the existence of a BAA liability attaches when a person creates, receives, maintains or transmits PHI on behalf of a covered entity 25

26 Business Associate Compliance (cont.) Direct Liability: Additional HITECH Statutory Requirements For a failure to provide breach notification to the covered entity For a failure to provide access to a copy of electronic PHI to either the covered entity, the individual, or the individual s designee (whichever is specified in the business associate agreement) For a failure to disclose PHI where required by the secretary to investigate or determine the business associate s compliance with the HIPAA Rules, or For a failure to provide an accounting of disclosures 26

27 Individual Rights Statutory Requirement for Accounting of Disclosures Not Addressed May 2011 Proposed Rule HITECH Act requires accounting of disclosures of PHI made by a covered entity over the past three years to carry out treatment, payment, and health care operations Omnibus HITECH Final Rule Addresses: An individual s right to restrict certain disclosures of PHI An individual s right to access his or her PHI maintained in designated record sets 27

28 Individual Rights (cont.) Right to Request a Required Restriction. Covered entities are required to comply with an individual s request to restrict disclosure of the individual s PHI to a health plan where: The disclosure is for payment or health care operations purposes Is not otherwise required by law The PHI pertains solely to health care services or items for which the individual, or another person on the individual s behalf, has paid the covered entity in full 28

29 Individual Rights (cont.) Right to Access PHI: Individuals now have the right to obtain an electronic copy of PHI that is maintained in any electronic system. Readable Electronic Format: Covered entities must be able to provide a readable electronic form. For example, MS Word or Excel, text, HTML, or text-based PDF. Time to Respond to Request: Thirty days to take action and one 30-day extension Fees: Reasonable, cost-based fees may be charged. Such fees may not include labor costs for locating the PHI, but may include labor costs for creating and copying the electronic file 29

30 Questions? 30

31 Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates November 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP Nancy E. Bonifant Associate Reed Smith LLP 31

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates

Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates Long-Awaited HITECH Final Rule: Addressing the Impact on Operations of Covered Entities and Business Associates March 7, 2013 Brad M. Rostolsky Partner Reed Smith LLP brostolsky@reedsmith.com Nancy E.

More information

Omnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule

Omnibus Components. Not in Omnibus. HIPAA/HITECH Omnibus Final Rule Office of the Secretary Office for Civil Rights () HIPAA/HITECH Omnibus Final Rule April 12, 2013 HHS Office for Civil Rights Omnibus Components Final Rule on HITECH Privacy, Security, & Enforcement Provisions

More information

Legal and Privacy Implications of the HIPAA Final Omnibus Rule

Legal and Privacy Implications of the HIPAA Final Omnibus Rule Legal and Privacy Implications of the HIPAA Final Omnibus Rule February 19, 2013 Pillsbury Winthrop Shaw Pittman LLP Faculty Gerry Hinkley Partner Pillsbury Winthrop Shaw Pittman LLP Deven McGraw Director,

More information

Management Alert Final HIPAA Regulations Issued

Management Alert Final HIPAA Regulations Issued Management Alert Final HIPAA Regulations Issued After much anticipation, the Department of Health and Human Services (HHS) has issued its omnibus set of final regulations modifying and clarifying the privacy,

More information

Highlights of the Omnibus HIPAA/HITECH Final Rule

Highlights of the Omnibus HIPAA/HITECH Final Rule Highlights of the Omnibus HIPAA/HITECH Final Rule Health Law Whitepaper Katherine M. Layman 215.665.2746 klayman@cozen.com Gregory M. Fliszar 215.665.7276 gfliszar@cozen.com Judy Wang Mayer 215.665.4737

More information

Changes to HIPAA Under the Omnibus Final Rule

Changes to HIPAA Under the Omnibus Final Rule Changes to HIPAA Under the Omnibus Final Rule Kimberly J. Kannensohn and Nathan A. Kottkamp, McGuireWoods 1 The Long-Awaited HIPAA Final Rule On Jan. 17, 2013, the Department of Health and Human Services

More information

To: Our Clients and Friends January 25, 2013

To: Our Clients and Friends January 25, 2013 Life Sciences and Health Care Client Service Group To: Our Clients and Friends January 25, 2013 Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health

More information

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel

HIPAA Training. HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel HIPAA Training HOPE Health Facility Administrators June 2013 Isaac Willett and Jason Schnabel Agenda HIPAA basics HITECH highlights Questions and discussion HIPAA Basics Legal Basics Health Insurance Portability

More information

Compliance Steps for the Final HIPAA Rule

Compliance Steps for the Final HIPAA Rule Brought to you by The Alpha Group for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions.

More information

HIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules

HIPAA Compliance. PART I: HHS Final Omnibus HIPAA Rules HIPAA Compliance PART I: HHS Final Omnibus HIPAA Rules Colin J. Zick Foley Hoag LLP (617) 832-1000 www.foleyhoag.com February 6, 2013 www.securityprivacyandthelaw.com HIPAA Compliance: PART I 1 Finally!

More information

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013

The Impact of Final Omnibus HIPAA/HITECH Rules. Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 The Impact of Final Omnibus HIPAA/HITECH Rules Presented by Eileen Coyne Clark Niki McCoy September 19, 2013 0 Disclaimer The material in this presentation is not meant to be construed as legal advice

More information

ReedSmith. The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived. Reed Smith Client Alert

ReedSmith. The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived. Reed Smith Client Alert The business of relationships. SM Reed Smith Client Alert The HITECH Final Rule: The New Privacy/Security Rules of the Road Have Finally Arrived Written by Brad M. Rostolsky, Nancy E. Bonifant, Salvatore

More information

The wait is over HHS releases final omnibus HIPAA privacy and security regulations

The wait is over HHS releases final omnibus HIPAA privacy and security regulations The wait is over HHS releases final omnibus HIPAA privacy and security regulations The Department of Health and Human Services (HHS) published long-anticipated (and longoverdue) omnibus regulations under

More information

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013

HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 HIPAA: Final Omnibus Rule is Here Arizona Society for Healthcare Risk Managers November 15, 2013 Pat Henrikson, Banner Health HIPAA Compliance Program Director, Chief Privacy Officer Agenda Background

More information

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013!

Coping with, and Taking Advantage of, HIPAA s New Rules!! Deven McGraw Director, Health Privacy Project April 19, 2013! Coping with, and Taking Advantage of, HIPAA s New Rules!!! Deven McGraw Director, Health Privacy Project April 19, 2013! Status of Federal Privacy Regulations! Omnibus Rule (Data Breach, Enforcement, HITECH,

More information

AFTER THE OMNIBUS RULE

AFTER THE OMNIBUS RULE AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan Member

More information

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners

2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners 2013 HIPAA Omnibus Regulations: New Rules for Healthcare Providers and Collections Partners Providers, and Partners 2 Editor s Foreword What follows are excerpts from the U.S. Department of Health and

More information

HHS, Office for Civil Rights. IAPP October 11, 2012

HHS, Office for Civil Rights. IAPP October 11, 2012 HHS, Office for Civil Rights IAPP October 11, 2012 Enforce federal civil rights laws and the HIPAA Privacy and Security Rules HQ and 10 Regional Offices Region IX has jurisdiction over covered entities

More information

Getting a Grip on HIPAA

Getting a Grip on HIPAA Getting a Grip on HIPAA Privacy and Security of Health Information in the Post-HITECH Age Jean C. Hemphill hemphill@ballardspahr.com 215.864.8539 Edward I. Leeds leeds@ballardspahr.com 215.864.8419 Amy

More information

Compliance Steps for the Final HIPAA Rule

Compliance Steps for the Final HIPAA Rule Compliance Steps for the Final HIPAA Rule On Jan. 25, 2013, the Department of Health and Human Services (HHS) issued a final rule under HIPAA s administrative simplification provisions. The final rule

More information

ACC Compliance and Ethics Committee Presentation February 19, 2013

ACC Compliance and Ethics Committee Presentation February 19, 2013 ACC Compliance and Ethics Committee Presentation February 19, 2013 Melinda G. Murray Associate General Counsel, Holy Cross Hospital and Jill M. Girardeau Partner, Womble Carlyle Sandridge & Rice, LLP HIPAA

More information

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school

HIPAA OMNIBUS RULE. The rule makes it easier for parents and others to give permission to share proof of a child s immunization with a school ASPPR The omnibus rule greatly enhances a patient s privacy protections, provides individuals new rights to their health information, and strengthens the government s ability to enforce the law. The changes

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Robert S. Ellerbrock, III Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 Reasons for HIPAA Privacy Rules Perceived need for protection

More information

New HIPAA-HITECH Proposed Regulations Issued

New HIPAA-HITECH Proposed Regulations Issued July 2010 New HIPAA-HITECH Proposed Regulations Issued On Thursday July 14, 2010, the Department of Health and Human Services (HHS) published proposed regulations in the Federal Register on many provisions

More information

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights

HIPAA Update. Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights HIPAA Update Jamie Sorley U.S. Department of Health and Human Services Office for Civil Rights New Mexico Health Information Management Association Conference April 11, 2014 Albuquerque, NM Recent Enforcement

More information

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES

HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES HIPAA COMPLIANCE ROADMAP AND CHECKLIST FOR BUSINESS ASSOCIATES The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment

More information

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule

HIPAA THE NEW RULES. Highlights of the major changes under the Omnibus Rule HIPAA THE NEW RULES Highlights of the major changes under the Omnibus Rule AUTHOR Gamelah Palagonia, Founder CIPM, CIPP/IT, CIPP/US, CIPP/G, ARM, RPLU+ PRIVACY PROFESSIONALS LLC gpalagonia@privacyprofessionals.com

More information

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013

8/14/2013. HIPAA Privacy & Security 2013 Omnibus Final Rule update. Highlights from Final Rules January 25, 2013 HIPAA Privacy & Security 2013 Omnibus Final Rule update Dan Taylor, Infinisource Copyright 2013 All rights reserved. Highlights from Final Rules January 25, 2013 Made business associates directly liable

More information

GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do

GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do GUIDE TO THE OMNIBUS HIPAA RULE: What You Need to Know and Do By D Arcy Guerin Gue, Phoenix Health Systems, a division of Medsphere Systems Corporation With Steven J. Fox, Post & Schell Originally commissioned

More information

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off

HIPAA Enforcement Under the HITECH Act; The Gloves Come Off HIPAA Enforcement Under the HITECH Act; The Gloves Come Off Leeann Habte, Esq. Michael Scarano, Esq. December 6, 2011 Attorney Advertising Prior results do not guarantee a similar outcome Models used are

More information

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors

CLIENT UPDATE. HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors CLIENT UPDATE February 20, 2013 HIPAA s Final Rule: The Impact on Covered Entities, Business Associates and Subcontractors On January 25, 2013, the U.S. Department of Health and Human Services ( DHHS )

More information

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by

HIPAA Omnibus Rule. Critical Changes for Providers Presented by Susan A. Miller, JD. Hosted by HIPAA Omnibus Rule Critical Changes for Providers Presented by Susan A. Miller, JD Hosted by agenda What the Omnibus Rule includes + Effective and Compliance Dates Security Breach Notification Enforcement

More information

HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities

HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Health Care Focus March 2013 HIPAA Omnibus Final Rule Has Important Changes for Business Associates and Covered Entities Peggy L. Barlett 608.284.2214 pbarlett@gklaw.com M. Scott LeBlanc 414.287.9614 sleblanc@gklaw.com

More information

ARRA s Amendments to HIPAA Privacy & Security Rules

ARRA s Amendments to HIPAA Privacy & Security Rules ARRA s Amendments to HIPAA Privacy & Security Rules Georgina L. O Hara Jessica R. Bernanke April 29, 2009 www.morganlewis.com Amended HIPAA Privacy and Security Rules HIPAA Amendments are in The Health

More information

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule

Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule Hayden W. Shurgar HIPAA: Privacy, Security, Enforcement, HITECH, and HIPAA Omnibus Final Rule 1 IMPORTANCE OF STAFF TRAINING HIPAA staff training is a key, required element in a covered entity's HIPAA

More information

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government

HITECH and HIPAA: Highlights for Health Departments. Aimee Wall UNC School of Government HITECH and HIPAA: Highlights for Health Departments Aimee Wall UNC School of Government When Congress enacted sweeping legislation in February designed to stimulate the nation s economy, it incorporated

More information

ARTICLE 1. Terms { ;1}

ARTICLE 1. Terms { ;1} The parties agree that the following terms and conditions apply to the performance of their obligations under the Service Contract into which this Exhibit is being incorporated. Contractor is providing

More information

Health Law Diagnosis

Health Law Diagnosis February Page 1 of 2013 11 Health Law Diagnosis HHS Releases Final HITECH Omnibus Rule After waiting over two years from the publication of the Notice of Proposed Rulemaking to implement provisions of

More information

O n Jan. 25, the Office for Civil Rights (OCR) of the. Privacy and Security Law Report

O n Jan. 25, the Office for Civil Rights (OCR) of the. Privacy and Security Law Report Privacy and Security Law Report Reproduced with permission from Privacy & Security Law Report, 12 PVLR 168, 02/04/2013. Copyright 2013 by The Bureau of National Affairs, Inc. (800-372-1033) http://www.bna.com

More information

HIPAA OMNIBUS FINAL RULE

HIPAA OMNIBUS FINAL RULE HIPAA OMNIBUS FINAL RULE Webinar Series Part 3 Breach Notification April 16, 2013 I. BACKGROUND 2 1 Background > HIPAA Omnibus Final Rule: Announced on January 17, 2013 Published in Federal Register on

More information

SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE

SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE SATINSKY CONSULTING, LLC FINAL OMNIBUS HIPAA PRIVACY AND SECURITY RULE This newsletter summarizes the highlights of the Final Omnibus HIPAA Privacy and Security Rule announced by the Department of Health

More information

MEMORANDUM. Kirk J. Nahra, or

MEMORANDUM. Kirk J. Nahra, or MEMORANDUM TO: FROM: Interested Parties Kirk J. Nahra, 202.719.7335 or knahra@wileyrein.com DATE: January 28, 2013 RE: The HIPAA/HITECH Omnibus Regulation After almost four years, the Department of Health

More information

Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013

Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013 Preparing to Comply With the HITECH Final Rule Tuesday, March 19, 2013 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (this Agreement ) is made effective as of the of, (the Effective Date ), by and between day hereafter referred to as ( Business Associate

More information

NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH

NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH NPRM: Modifications to the HIPAA Privacy, Security, and Enforcement Rules under HITECH Speakers Lisa A. Gallagher, BSEE, CISM, CPHIMS Senior Director, Privacy and Security HIMSS lgallagher@himss.org Amy

More information

Determining Whether You Are a Business Associate

Determining Whether You Are a Business Associate The HIPAApotamus in the Room: When Lawyers and Law Firms are Subject to HIPAA Enforcement, And How to Comply with the Law by Leslie R. Isaacman, J.D., M.B.A. The Omnibus Final Rule 1 of the Health Information

More information

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP

UNDERSTANDING HIPAA & THE HITECH ACT. Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP UNDERSTANDING HIPAA & THE HITECH ACT Heather Deixler, Esq. Associate, Morgan, Lewis & Bockius LLP 1 Objectives of Presentation Learn what HIPAA is Learn the purpose of HIPAA Understand who HIPAA regulates

More information

OMNIBUS RULE ARRIVES

OMNIBUS RULE ARRIVES AFTER THE OMNIBUS RULE 1 Agenda Omnibus Rule is here Business Associates (BAs) Agreement Breach Notification Change Breach Reporting Requirements (Federal and State) Notification to Care1st Health Plan

More information

Practical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule

Practical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule Practical Guidance and Proposed Solutions in Response to the HIPAA Final Omnibus Rule February 21, 2013 Megan Hardiman Katten Muchin Rosenman LLP Chicago, Illinois 312.902.5488 megan.hardiman@kattenlaw.com

More information

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates

Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates Health Insurance Portability and Accountability Act (HIPAA) Terms and Conditions For Business Associates I. OVERVIEW/DEFINITIONS The Health Insurance Portability and Accountability Act (HIPAA) is a federal

More information

HIPAA Omnibus Rule Compliance

HIPAA Omnibus Rule Compliance HIPAA Omnibus Rule Compliance Jana Aagaard, JD Senior Counsel, Privacy/HIT Dignity Health Christy Navarro, MS CIPP/US Director, Chief Privacy Officer - Ascendian 1 Overview Background What Should Be Done

More information

HITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013

HITECH/HIPAA Omnibus Final Rule: Implications for Hospices. Elizabeth S. Warren May 3, 2013 HITECH/HIPAA Omnibus Final Rule: Implications for Hospices Elizabeth S. Warren May 3, 2013 Final Rule is Finally Here Published January 25, 2013 (78 Fed. Reg. 5566) Effective March 26, 2013 Compliance

More information

Fifth National HIPAA Summit West

Fifth National HIPAA Summit West Fifth National HIPAA Summit West Privacy and Security under the HITECH Act W. Reece Hirsch Paul T. Smith, Partner, Partner, Hooper, Lundy & Bookman 1 Developments The Health Information Technology for

More information

Business Associate Agreement

Business Associate Agreement This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

More information

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules

Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Saturday, April 28 Medical Ethics: HIPAA Privacy and Security Rules Gina Campanella, JD HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, Esq.

More information

Welcome to today s Webinar

Welcome to today s Webinar Welcome to today s Webinar Managing Risk Exposure in Meaningful Use Stage 2 June 28 28, 2013 A A project project of of L.A. L.A. Care Care Health Health Plan Plan 1 Ralph Oyaga, Esq., J.D., MBA is the

More information

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA)

Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) Business Associate Agreement Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into by and between Washington Dental Service

More information

HIPAA Compliance Under the Magnifying Glass

HIPAA Compliance Under the Magnifying Glass HIPAA Compliance Under the Magnifying Glass July 30, 2013 Stacy Harper, JD, MHSA, CPC A Webinar Provided by Presenter Stacy Harper Lathrop & Gage, LLP sharper@lathropgage.com 913-451-5125 The information

More information

HIPAA & The Medical Practice

HIPAA & The Medical Practice HIPAA & The Medical Practice Requirements for Privacy, Security and Breach Notification Gina L. Campanella, JD, MHA, CHA Founder & Principal, Campanella Law Office Of Counsel, The Beinhaker Law Firm BEINHAKER,

More information

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15)

True or False? HIPAA Update: Avoiding Penalties. Preliminaries. Kim C. Stanger IHCA (7/15) Protected Health Info HIPAA Update: Avoiding Penalties IHCA (7/15) Preliminaries This presentation is similar to any other legal education materials designed to provide general information on pertinent

More information

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V.

2011 Miller Johnson. All rights reserved. 1. HIPAA Compliance: Privacy and Security Changes under HITECH HITECH. What is HITECH? Mary V. HIPAA Compliance: Privacy and Security Changes under HITECH Mary V. Bauman www.millerjohnson.com The materials and information have been prepared for informational purposes only. This is not legal advice,

More information

HIPAA Omnibus Final Rule and Research

HIPAA Omnibus Final Rule and Research Office of the Secretary Office for Civil Rights () HIPAA Omnibus Final Rule and Research Federal Demonstration Partnership September 17, 2013 Christina Heide, JD Senior Health Information Privacy Policy

More information

Highlights of the Final Omnibus HIPAA Rule

Highlights of the Final Omnibus HIPAA Rule Highlights of the Final Omnibus HIPAA Rule Health Information & the Law Project 1 Jane Hyatt Thorpe, JD Lara Cartwright-Smith, JD, MPH Devi Mehta, JD, MPH Elizabeth Gray, JD Teresa Cascio, JD Grace Im,

More information

ALERT. November 20, 2009

ALERT. November 20, 2009 ALERT HIPAA PRIVACY FOR EMPLOYERS HAS CHANGED. IMMEDIATE ACTION IS REQUIRED. November 20, 2009 The American Recovery and Reinvestment Act of 2009 ( ARRA ) also known as the Economic Stimulus Bill made

More information

HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule

HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule HITECH Privacy, Security, Enforcement, Breach, and GINA The Final Rule Audio Seminar January 28, 2013 Practical Tools for Seminar Learning Copyright 2012 American Health Information Management Association.

More information

New HIPAA Rules and Implications for the Industry January 29, 2013

New HIPAA Rules and Implications for the Industry January 29, 2013 New HIPAA Rules and Implications for the Industry January 29, 2013 **Audio for this webinar streams through the web. Please make sure the sound on your computer is turned on. If you need technical assistance,

More information

Examining The Unique POC Regulatory Landscape

Examining The Unique POC Regulatory Landscape The Point of Care National Presented by DTC Perspectives, Inc. in Partnership with PoC 3 Baltimore, MD Examining The Unique POC Regulatory Landscape Jonathan M. Weinrieb Principal, OFW Law www.ofwlaw.com

More information

HIPAA s New Rules: Expanding Scope, Clarifying Uncertainties, and Reinforcing Fundamentals

HIPAA s New Rules: Expanding Scope, Clarifying Uncertainties, and Reinforcing Fundamentals February 25, 2013 Practice Group: Health Care HIPAA s New Rules: Expanding Scope, Clarifying Uncertainties, and Reinforcing Fundamentals By Patricia C. Shea On January 25, 2013, the Secretary for the United

More information

NOTIFICATION OF PRIVACY AND SECURITY BREACHES

NOTIFICATION OF PRIVACY AND SECURITY BREACHES NOTIFICATION OF PRIVACY AND SECURITY BREACHES Overview The UT Health Science Center at San Antonio (Health Science Center) is required to report all breaches of protected health information and personally

More information

OCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC

OCR Phase II Audit Protocol Breach Notification. HIPAA COW Spring Conference 2017 Page 1 Boerner Consulting, LLC Audit Type Section Key Activity Established Performance Criteria Audit Inquiry 12 Samples Requested Breach 164.414(a) Administrative 164.414(a) 164.414(a) 5 Inquiry of Mgmt Requirements Administrative

More information

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014.

HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule. Association of Corporate Counsel Houston Chapter October 14, 2014. HIPAA 2014: Recent Changes from HITECH and the Omnibus Rule Association of Corporate Counsel Houston Chapter October 14, 2014 Jeffery P. Drummond Jackson Walker L.L.P. 901 Main Street, Suite 6000 Dallas,

More information

GUIDE TO PATIENT PRIVACY AND SECURITY RULES

GUIDE TO PATIENT PRIVACY AND SECURITY RULES AMERICAN ASSOCIATION OF ORTHODONTISTS GUIDE TO PATIENT PRIVACY AND SECURITY RULES I. INTRODUCTION The American Association of Orthodontists ( AAO ) has prepared this Guide and the attachment to assist

More information

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate)

BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) BUSINESS ASSOCIATE AGREEMENT (for use when there is no written agreement with the business associate) This HIPAA Business Associate Agreement ( Agreement ) is entered into this day of, 20, by and between

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Agreement is by and between The Health Plan ( Plan ) and Priority Health Managed Benefits, Inc., a Michigan Third Party Administrator ( Business Associate

More information

Changes to HIPAA Privacy and Security Rules

Changes to HIPAA Privacy and Security Rules Changes to HIPAA Privacy and Security Rules STEPHEN P. POSTALAKIS BLAUGRUND, HERBERT AND MARTIN 300 WEST WILSON BRIDGE ROAD, SUITE 100 WORTHINGTON, OHIO 43085 SPP@BHMLAW.COM PERSONNEL COUNCIL FRANKLIN

More information

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform

Preparing for a HIPAA Audit & Hot Topics in Health Care Reform Preparing for a HIPAA Audit & Hot Topics in Health Care Reform 2013 San Francisco Mid-Sized Retirement & Healthcare Plan Management Conference March 17-20, 2013 Elizabeth Loh, Esq. Copyright Trucker Huss,

More information

Business Associate Agreement For Protected Healthcare Information

Business Associate Agreement For Protected Healthcare Information Business Associate Agreement For Protected Healthcare Information This Business Associate Agreement ( Agreement ) is entered into this 24th day of February 2017, between PRACTICE-WEB, Inc., a California

More information

Omnibus HIPAA Rule: Impact on Covered Entities

Omnibus HIPAA Rule: Impact on Covered Entities Presenting a live 90-minute webinar with interactive Q&A Omnibus HIPAA Rule: Impact on Covered Entities Complying with New Requirements, Managing Risk and Responding to a Data Breach TUESDAY, MARCH 12,

More information

IACT Medical Trust. June 28, Jim Hamilton (317) HIPAA Privacy Training Bose McKinney & Evans LLP

IACT Medical Trust. June 28, Jim Hamilton (317) HIPAA Privacy Training Bose McKinney & Evans LLP IACT Medical Trust HIPAA Privacy Training June 28, 2012 Jim Hamilton (317) 684-5419 jhamilton@boselaw.com 2009 Bose McKinney & Evans LLP HIPAA Overview 2009 Bose McKinney & Evans LLP The Privacy Rule HIPAA

More information

BREACH NOTIFICATION POLICY

BREACH NOTIFICATION POLICY PRIVACY 2.0 BREACH NOTIFICATION POLICY Scope: All subsidiaries of Universal Health Services, Inc., including facilities and UHS of Delaware Inc. (collectively, UHS ), including UHS covered entities ( Facilities

More information

VOL. 0, NO. 0 JANUARY 23, 2013

VOL. 0, NO. 0 JANUARY 23, 2013 Health IT Law & Industry Report VOL. 0, NO. 0 JANUARY 23, 2013 Reproduced with permission from Health IT Law & Industry Report, 5 HILN 4, 01/23/2013. Copyright 2013 by The Bureau of National Affairs, Inc.

More information

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205)

HIPAA PRIVACY REQUIREMENTS. Dana L. Thrasher Constangy, Brooks & Smith, LLP (205) HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLP dthrasher@constangy.com (205) 226-5464 1 REASONS FOR HIPAA PRIVACY RULES Perceived need for protection of individual health information

More information

ARE YOU HIP WITH HIPAA?

ARE YOU HIP WITH HIPAA? ARE YOU HIP WITH HIPAA? Scott C. Thompson 214.651.5075 scott.thompson@haynesboone.com February 11, 2016 HIPAA SECURITY WHY SHOULD I CARE? Health plan fined $1.2 million for HIPAA breach. Health plan fined

More information

HIPAA Business Associate Agreement

HIPAA Business Associate Agreement HIPAA Business Associate Agreement ICANotes LLC doing business at 1600 St Margarets Rd, Annapolis MD 21409 and, doing business at are parties to a Business Associate arrangement as defined under the Health

More information

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM

SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM SUBCONTRACTOR BUSINESS ASSOCIATE ADDENDUM This Subcontractor Business Associate Addendum (the Addendum ) is entered into this day of, 20, by and between the University of Maine System, acting through the

More information

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT

SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (Revised on March 1, 2016) THIS HIPAA SUBCONTRACTOR BUSINESS ASSOCIATE AGREEMENT (the BAA ) is entered into on (the Effective Date ), by and between ( EMR ),

More information

Negotiating Business Associate Agreements

Negotiating Business Associate Agreements Negotiating Business Associate Agreements February 19, 2015 William J. Roberts, Esq. Shipman & Goodwin LLP 2015. All rights reserved. HARTFORD STAMFORD GREENWICH WASHINGTON, DC About HIPAA HIPAA is a federal

More information

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta

More information

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule

Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Compliance Institute San Diego, CA April 1, 2014 Assessing and Mitigating Risk Under the HIPAA Omnibus Rule Darrell W. Contreras, Esq., LHRM, CHPC, CHC, CHRC Chief Legal & Compliance Officer PlusDelta

More information

The American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions Here We Go Again

The American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions Here We Go Again ClientAdvisory The American Recovery and Reinvestment Act of 2009: Health Information Privacy and Security Provisions Here We Go Again February 26, 2009 On February 17, 2009, President Obama signed into

More information

Breach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule

Breach Policy. Applicable Standards from the HITRUST Common Security Framework. Applicable Standards from the HIPAA Security Rule Breach Policy To provide guidance for breach notification when impressive or unauthorized access, acquisition, use and/or disclosure of the ephi occurs. Breach notification will be carried out in compliance

More information

ARRA 2009: Privacy and Security Provisions. Deven McGraw

ARRA 2009: Privacy and Security Provisions. Deven McGraw ARRA 2009: Privacy and Security Provisions Deven McGraw 1 Health Privacy Project at CDT Health IT and electronic health information exchange have tremendous potential to improve health care quality, reduce

More information

HEALTHCARE BREACH TRIAGE

HEALTHCARE BREACH TRIAGE IAPP Privacy Academy September 30 October 2, 2013 HEALTHCARE BREACH TRIAGE Theodore P. Augustinos EDWARDS WILDMAN PALMER LLP Kenneth P. Mortensen CVS/CAREMARK 2013 Edwards Wildman Palmer LLP & Edwards

More information

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense

View the Replay on YouTube. HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense View the Replay on YouTube HIPAA Enforcement 2.0: Minimizing Exposure with Affirmative Defense FairWarning Ready Executive Webinar Series June 4, 2013 Agenda HIPAA Omnibus Rule s effects on future enforcement

More information

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS

PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS PATTERSON MEDICAL SUPPLY, INC. HIPAA BUSINESS ASSOCIATE AGREEMENT WITH CUSTOMERS This HIPAA Business Associate Agreement ( BA Agreement ), effective as of the last date written on the signature page attached

More information

HIPAA: Impact on Corporate Compliance

HIPAA: Impact on Corporate Compliance HIPAA: Impact on Corporate Compliance AAPC HEALTHCON April 2014 Stacy Harper, JD, MHSA, CPC Disclaimer The information provided is for educational purposes only and is not intended to be considered legal

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ), is between Birch Family Services, Inc., a New York not-for-profit corporation ( Covered Entity ) and ( Business Associate

More information

Privacy Rule Primer. 45 CFR Part 160 and Subparts A and E of Part CFR , 45 CFR CFR

Privacy Rule Primer. 45 CFR Part 160 and Subparts A and E of Part CFR , 45 CFR CFR Resource provided by Page 1 of 10 Contents I. The Privacy Rule The Fundamental HIPAA Rule... 1 II. Privacy Rule Overview... 1 III. Privacy Rule Standards and Implementation Specifications Covered in Section

More information

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and

BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and BUSINESS ASSOCIATE AGREEMENT Between THE NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS and WHEREAS, Dallas County, Tarrant County, Denton County, Parker County, the North Texas Tollway Authority have created

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (this Agreement ) is entered into on the Effective Date of the Azalea Health Software as a Service Agreement and/or Billing Service Provider

More information