The "Health Information Technology for Economic and Clinical Health Act" ("HITECH Act") was signed into law on February 17, 2009 and takes effect February 17, 2010. It expands HIPAA privacy and security regulations. The two most important changes in the HITECH Act for business associates of HIPAA covered entities are (a) requirement that business associates comply directly with Security Rule provisions directing implementation of administrative, physical and technical safeguards for electronic protected health information and (b) expanded breach notification rules for both covered entities and their business associates.
This agreement is intended to work as a side agreement or collateral agreement to an existing or pending contract with a Business Associate that deals solely with HIPAA privacy issues. It is not intended to be the complete and final written expression of a services agreement between a health care provider and a contractor.
The Washington Rider or Collateral Agreement is a crucial component of ensuring HIPAA Privacy Compliance for Business Associates, as mandated by the HITCH Act. This agreement serves as an addendum to the standard HIPAA Privacy Compliance Agreement, specifically tailored to meet the unique requirements and regulations set forth by Washington state. By understanding the various types and specificities of this rider or collateral agreement, businesses can effectively navigate the intricacies of HIPAA compliance in Washington. There are several types of Washington Rider or Collateral Agreements that can be categorized based on their primary focus and purpose. These include: 1. Washington-specific Privacy Policies: This type of rider agreement incorporates additional clauses and provisions that align with Washington state privacy laws. It ensures that Business Associates maintain compliance with both federal HIPAA regulations and any state-specific mandates related to protected health information (PHI) security and privacy. 2. Data Breach Reporting: This agreement type emphasizes the necessary steps and procedures involved in reporting data breaches, as required by both HIPAA and Washington state laws. It outlines the responsibilities of Business Associates in promptly notifying covered entities and affected individuals in the event of a breach of PHI. 3. Substance Abuse Treatment Information Protection: Washington has specific laws regarding the privacy and disclosure of substance abuse treatment records. This type of rider agreement ensures that Business Associates who handle such sensitive information comply with these additional regulatory requirements. It highlights the need for heightened security measures, consent requirements, and restricted disclosure of substance abuse treatment records. 4. Consent Requirements for Minors: In Washington, minors aged 13 and above have the right to seek certain health services without parental consent. This rider agreement addresses the complexities of handling PHI for minors and ensures that Business Associates comply with the specific consent requirements for minor patients in accordance with state law. 5. Mental Health Information Protection: This agreement type focuses on the protection and privacy of mental health information, as mandated by Washington state laws. It outlines the necessary safeguards, consent requirements, and limitations on disclosure when handling PHI related to mental health diagnoses, treatments, or services. Overall, the Washington Rider or Collateral Agreement plays a vital role in tailoring HIPAA Privacy Compliance for Business Associates to meet the unique requirements and regulations set forth by Washington state. By addressing specific aspects such as substance abuse treatment information protection, data breach reporting, and consent requirements for minors, businesses can ensure comprehensive compliance with both federal and state privacy laws.
