New HIPAA Rules Create Lots of Health Care Contract Work

July 4, 2011 – In The News
Minnesota Lawyer

The new proposed HIPAA rules will have lawyers busy reviewing and revising contracts of health care entities as it is clear that agreements between covered entities and business associates must be updated to cover the new HITECH requirements.

"To the extent a covered entity is liable for a business associate dropping the ball, the covered entity would want to cover the cost, " said Elizabeth Litten.

"In some instances, the covered entity wants to make that determination even if the potential breach was made by the business associate. Other contracts might ask the business associate to decide and take full responsibility. I've seen it go both ways," Litten said.

"Anything that would be in the business associate agreement of anything where there is a direct obligation pursuant to HITECH is now pertinent to subcontractors."

Law firms that represent health care providers and handle protected health information fall under the definition of business associates as well. As a result, firms will have to review their contracts with subcontractors.

"If I'm a law firm acting as a business associate, I want to acknowledge downstream protection. This really expands the range of possibilities of the scope of companies that will be subject to the HITECH obligations and its penalties," Litten said.