Do the modifications change business associate responsibilities regarding notices of privacy practices?
The proposed modifications would require organizations that currently issue notices of privacy practices to make material changes to those notices (for more, read on below). However, the proposed modificaitons do not appear to change the existing rules as to who is responsible for issuing the notice of privacy practices. Ordinarily that is the covered entity, although the covered entity may require a business associate to do so by contract. If a business associate fails to do so, although it may have contractual liability, the covered entity is still liable under the statute since it has the ultimate responsibility to maintain and distribute the notice. • Does HHS really expect all covered entities and business associates to amend their business associate contracts within 180 days of the new Rules going into effect? No. HHS proposes to relieve some of the burden on covered entities and business associates in complying with the revised business associate provisions by adding a transitio
Related Questions
- Would a business associate contract in electronic form, with an electronic signature, satisfy the HIPAA Privacy Rule’s business associate contract requirements?
- Would the proposed modifications to the Privacy Rule have any impact on marketing conducted by covered entities and their business associates?
- Does the HIPAA Privacy Rule require a business associate to create a notice of privacy practices?
