[April 10 Update: A document version of this Business Associate Rule Tool is now available at this post.]
This HITECH Business Associates Rule Tool is a guide to some of the key implications of the Business Associate provisions of the HITECH regulations published in January 2013, which amended the HIPAA Privacy and Security Rules published several years before. The rule was published on January 25 and is available on the official website.
This is a somewhat complex area, and the regulations are by no means intuitive. This Tool is intended to cut through some of the complexity and help users think through some of the issues more easily. It is not a law review article or especially intended for lawyers, though some lawyers may find it helpful. It does assume some familiarity with HIPAA, but deep knowledge shouldn’t be required.
This Tool is set up through a series of linked blog posts, each of which is a numbered Section. Section 2 provides a central Table of Links for browsing Sections. Sections 3 through 9 are meant to be read sequentially. Sections 10 through 15 discuss implications for specific types of Business Associate. I can provide a document version of this Tool upon request.
This Tool and the information it provides are not intended to be legal advice. The determination whether a given individual or organization is or is not a Business Associate, and what it might mean, has to be made on an analysis of the specific facts applicable to the individual or organization. If you want legal advice you are certainly welcome to contact me about setting up an engagement, but you are welcome to use the Tool to educate yourself without doing so. Just keep in mind that any decisions you make using it are yours alone and are not based on my legal advice, and any errors you make are your own responsibility.
While I have done my best to make sure the information in this Tool is accurate, I can’t guarantee it. I also have tried to come up with the most reasonable and informed interpretations of the rules I can, but others, particularly regulatory authorities, may disagree with some of them. I do expect to update this Tool if it appears people are finding it useful, but can’t guarantee I will do so.
I would appreciate informed comments and questions and will respond to them as I can. I moderate the comments but please keep in mind that questions and comments which are published will be visible to anyone else who uses the Tool. You should therefore not include information or details which might be sensitive in some way. If you would like to comment or ask questions confidentially you can email me.
© 2013 John R. Christiansen
By Tim Johns January 24, 2013 - 12:30 pm
Well, this will be interesting. I have been saying for the past couple of years this was going to happen to those “BA’s” out there.
This is a great tool, thanks again for this. Really helps with the best direction to take.
By Earnesta Taylor January 24, 2013 - 3:30 pm
Great idea. I was not expecting a 563 page HHS Privacy Rule document and need all the help I can get to sort through.
I look forward to the comments and development of the site.