Skip to main content


Jun 2013
June 01, 2013

The HITECH Business Contract Bible: Provisions for Covered Entities, Business Associates and Subcontractors

The HITECH Business Associates regulations are transforming healthcare contracting, and creating new legal risks for entities providing healthcare-related services. Business Associates ranging from IT, data processing and data storage services companies, to lawyers, consultants and accountants, and their subcontractors, are now directly regulated under HIPAA. At the same time every existing Business Associate Contract will have to be replaced or amended to confirm to the new rules, and entities perhaps have never even had to know what a Business Associate Contract is will have to enter into them -- perhaps with many other entities. The HITECH Business Associate Contract Bible is designed to help guide the development of such documents, for direct Covered Entity-Business Associate relationships and for Business Associate -- Subcontractor relationships as well. It includes variations for all required Business Associate Contract provisions as well as many related provisions which may be useful additions. The variations demonstrate different risk-based strategies to Business Associate contracting, from simple versions which are good enough for "mere compliance" with the rules, to detailed versions which aggressively address risks arising from the parties' activities subject to the contract. Comments discuss contracting complexities, such as the need to pass obligations along to subcontractors, sometimes along a chain of multiple Business Associate Contracts. The applicable regulatory provisions are provided, as well as the official sample provision where available. This resource was developed by John R. Christiansen, Chair of the Health Law Section's HITECH Megarule Task Force and long-term practitioner in the field of health care privacy, security and IT contracting, with the review and support of members of the Task Force and other experts.
American Health Law Section

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -