Some text in the Modal..

ALERT: HIPAA Omnibus Rule Requires Added Compliance by September 22, 2014

09-22-2014 Countdown

by Vlad Hurduc
September 14, 2014

Enforcement of the HIPAA Omnibus Rule began one year ago, but another very important deadline is quickly approaching. Effective September 22, 2014, all business associate agreements need to comply with the HIPAA Omnibus Rule, so make sure that all your written agreements are in line with new Omnibus Rule requirements. Begin by identifying all of your business associate contractor/vendor relationships and, if you are a business associate, re-examine any contractor/vendor relationships you have which involve disclosure of protected health information (PHI).

These are the most sweeping changes since the HIPAA Privacy and Security Rules were first implemented. The Department of Health and Human Services now has a greater opportunity to enforce compliance with the new rule.

Business associates and subcontractors are now directly liable for HIPAA compliance, so all business associate agreements need to be re-examined. If any agreements are non-compliant, you should renegotiate and revise them before the September 22 deadline. Times is limited, but you should still document your efforts even if you can’t meet the deadline. This is especially important if another party is causing a delay in the renegotiations.

How do you become compliant?

  • Revise all your Business Associate Agreement forms
  • Evaluate any existing contractor arrangements
  • Update and re-distribute Notices of Privacy Practices
  • Analyze current arrangements for compliance with restrictions on the sale of PHI
  • Train employees on the new rules
  • Document all your efforts in the process
  • Secure your network, including servers, computers and laptops

There is less than a week left until the deadline, so you need to take direct action, if you haven’t done so already, to meet compliance.

Better data ... better decisions ... better care