I have updated and posted on the Premium Member section of the Veterans Press website the updated business associate agreement that I had earlier updated to comply with the HITECH Act. Now, it complies with the Omnibus Rule changes to the business associate relationship.

In preparing this update, I reviewed the sample business associate agreement on the DHHS website. I believe that I have made some improvements to it.

Remember that the key Omnibus Rule change is that a covered entity or an “upstream” business associate may be liable for a breach by a “downstream” business associate if the business associate or subcontractor business associate qualifies as an agent under the federal common law of agency. Thus, make sure that your business associate agreement does not contain provisions to control the day-to-day operations of the business associate. See my February 18, 2013, blog post “You’d Better Not Control Your Business Associate’s Performance” for more information.

If you bought the HIPAA Compliance Library that includes my 5^th edition of the Compliance Guide to HIPAA and the DHHS Regulations, you received with it a one-year free subscription to the Premium Member section. If you need help setting up your account to access the Premium Member section, please call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com.