I developed this resource through and with the support of the American Bar Association Health Law Section’s HITECH Megarule Task force.
You can buy it here. I don’t get any royalties from it (sigh), but if you need to draft or negotiate even one Business Associate Contract it will probably pay for itself a couple/three times over.
The official blurb is as follows:
The HITECH Business Associates regulations are transforming healthcare contracting, and creating new legal risks for entities providing healthcare-related services. Business Associates ranging from IT, data processing and data storage services companies, to lawyers, consultants and accountants, and their subcontractors, are now directly regulated under HIPAA. At the same time every existing Business Associate Contract will have to be replaced or amended to confirm to the new rules, and entities perhaps have never even had to know what a Business Associate Contract is will have to enter into them — perhaps with many other entities.
The HITECH Business Associate Contract Bible is designed to help guide the development of such documents, for direct Covered Entity-Business Associate relationships and for Business Associate — Subcontractor relationships as well. It includes variations for all required Business Associate Contract provisions as well as many related provisions which may be useful additions. The variations demonstrate different risk-based strategies to Business Associate contracting, from simple versions which are good enough for “mere compliance” with the rules, to detailed versions which aggressively address risks arising from the parties’ activities subject to the contract. Comments discuss contracting complexities, such as the need to pass obligations along to subcontractors, sometimes along a chain of multiple Business Associate Contracts. The applicable regulatory provisions are provided, as well as the official sample provision where available.
This resource was developed by John R. Christiansen, Chair of the Health Law Section’s HITECH Megarule Task Force and long-term practitioner in the field of health care privacy, security and IT contracting, with the review and support of members of the Task Force and other experts.
Drop me a note if you have any questions or comments. Thanks! s