Earlier this year, the U.S. Department of Health and Human Services published the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule (the "Omnibus Rule" at 78 F.R. 5566) to implement the Health Information Technology for Economic and Clinical Health (HITECH) Act and further strengthen existing HIPAA provisions. The Omnibus Rule established new requirements that impact our Notice of Privacy Practices and Business Associate Agreements.
Business Associate Agreements Amendment
The Omnibus Rule provides that Business Associate Agreements that have not been renewed or modified between March 26, 2013, and September 23, 2013, will be deemed compliant until the date the Business Associate Agreement is renewed or modified or until September 22, 2014, whichever is earlier.
We are currently preparing an amendment to our existing self-funded account Business Associate Agreements to reflect a few minor changes that we need to make as a result of the Omnibus Rule. We expect to distribute the amended language shortly.
Changes to Our Commitment to Confidentiality
Our HIPAA Notice of Privacy Practices, entitled "Our Commitment to Confidentiality," has gone through minor modifications in keeping with the requirements of the Omnibus Rule. The new version, which we will post to our website shortly, is effective September 23, 2013, and contains statements concerning the following:
As of September 23, 2013, we will update our HIPAA Notice of Privacy Practices at www.bluecrossma.com begin including copies in our annual Evidence of Coverage mailings to our members with fully insured employers.
If you have any questions, please contact your account executive.