We are trying to get a fully constructed BA as an addendum to existing contracts out before the end of the year. Fortunately, we have a limited number of business associates that are not themselves already covered entities. While we understand that the BA is required between covered entities as well, we are not as worried about the liability issue because they are, we hope, as concerned as we.
I agree, the trap is there for those who do not have the agreement and suffer a breach of privacy. ------------------( Forwarded letter 1 follows )-------------------- Date: Thu, 19 Sep 2002 13:49:56 -0400 To: Colleen.Grimes[CGrimes]@amerigroupcorp.com.comp, [EMAIL PROTECTED] From: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: RE: Business Associate Agreements I would like to submit an important thought about Business Associate agreements. While the rule allows an extra year to have the BA agreement in place with the required clauses, I have talked with several attorneys that offer a unique perspective: That the covered entity becomes liable for the business associate's actions from April 14th, 2003. In other words, you don't HAVE TO HAVE the agreement executed by the deadline per the rule, BUT the rule still holds the CE to the letter of compliance, which includes disclosures and privacy by all sub-contractors from DAY ONE! It appears to me and those I've discussed this with, that this gives both flexibility, and creates a trap of liability. You can be conforming with the BA agreement requirements, yet fail under disclosure or other privacy requirements. So we have been pursuing the development of a rider or attachment agreement to cover the Privacy rule requirements overall for the BAs, while letting the full BA agreement to be handled in due course within the extended time line. This strategy appears to correct the trap. So my recommendation if spend the next 6 months and get the BA agreements done, or at least get an addendum or attachment executed for safety. I would be interested in discussion on this. Tim McGuinness, Ph.D. Consulting Specialist in Regulatory Privacy, Security, and Application Compliance (HIPAA/ASCA/FDA/CMS-HCFA/ICH/ADA 508c), [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> President, HIPAA Help Now Inc. [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> www.hipaahelpnow.com <http://www.hipaahelpnow.com/> Executive Co-Chairman for Privacy, HIPAA Conformance Certification Organization (HCCO) www.hipaacertification.org <http://www.hipaacertification.org> __________________________________________________________________ Phone: 727-787-3901 Cell: 305-753-4149 Fax: 240-525-1149 Instant Messengers: ICQ# 22396626 - MSN IM: [EMAIL PROTECTED] - Yahoo IM timmcguinness - AOL IM: mcguinnesstim __________________________________________________________________ =========================================================================== IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed. If you are not the intended recipient, please notify the sender at once, and you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited. Nothing in this email, including any attachment, is intended to be a legally binding signature. -----Original Message----- From: Grimes, Colleen [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 19, 2002 8:17 AM To: [EMAIL PROTECTED] Subject: Business Associate Agreements Hope someone can give me feedback regarding any MCO's plans on executing business associate agreements. With the year extension that was provided, I was curious what payers timelines are for executing their BA agreements. Has anyone executed their BA agreements or are MCO's delaying until next year? What would be your rationale for either delaying or executing had the date had not been extended? Thanks, Colleen Grimes Colleen Grimes AVP, HIPAA Compliance 757-473-2737 X3115 Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited. ********************************************************************** To be removed from this list, go to: http://snip.wedi.org/unsubscribe.cfm?list=privacy and enter your email address. The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. Posting of advertisements or other commercial use of this listserv is specifically prohibited.
Tim McGuinness Ph. D..vcf
Description: Binary data
