Skip to main content
A Better Partnership


Sep 2009
September 15, 2009

New HIPAA Forms Now Available

Earlier this year, we sent you an E-Bulletin about the new amendments to HIPAA in the Health Information Technology for Economic and Clinical Health (HITECH) Act. Now, we'd like to let you know that we’ve made available new forms to help you comply with the new laws.

Among other things, the HITECH amendments:

  • require those subject to HIPAA to implement policies and procedures by September 23, 2009, for notifying individuals who are impacted by an impermissible acquisition, access, use or disclosure of protected health information.

  • introduce additional requirements for business associates that are to be incorporated into business associate agreements by February 17, 2010.

In response to the HITECH Act, Warner's HIPAA Task Force has prepared two new tools for your HIPAA compliance:

  • Breach Notification Policy & Procedure: This document sets forth a process you can follow (and customize to fit your needs) for evaluating a potential breach incident to determine whether notification is required under the new HIPAA breach notification regulations and, if so, what your notification letters need to say. The document takes into account the newly issued HIPAA breach notification regulations from the Department of Health & Human Services and incorporates the latest guidance from the Department as to whether information is considered properly secured.

  • Updated Business Associate Addendum: The updated business associate addendum incorporates the new HITECH requirements that apply to business associates, including a provision that requires a business associate who experiences a breach to provide notification. For those who may have concerns about compliance with the FTC's new Red Flag Rules that become enforceable on November 1, 2009, the agreement also includes a provision requiring the business associate to have in place an identity theft detection program.

The new documents are available separately or as a kit. If purchased separately, the business associate addendum sells for $100 and the breach notification policy for $150. They can be purchased together as a kit for $225.

If you would like to purchase the documents, please contact Norbert F. Kugele (at or by phone at 616.752.2186), Nathan W. Steed (at or by phone at 616.752.2723), or any member of Warner's HIPAA Task Force, Employee Benefits Practice Group or Health Law Practice Group.

NOTICE. Although we would like to hear from you, we cannot represent you until we know that doing so will not create a conflict of interest. Also, we cannot treat unsolicited information as confidential. Accordingly, please do not send us any information about any matter that may involve you until you receive a written statement from us that we represent you.

By clicking the ‘ACCEPT’ button, you agree that we may review any information you transmit to us. You recognize that our review of your information, even if you submitted it in a good faith effort to retain us, and even if you consider it confidential, does not preclude us from representing another client directly adverse to you, even in a matter where that information could and will be used against you.

Please click the ‘ACCEPT’ button if you understand and accept the foregoing statement and wish to proceed.



+ -