Will you meet the approaching HIPAA Omnibus compliance deadline?

The HIPAA Omnibus Rule deadline is September 23, 2013. HIPAA Omnibus requires significant adjustments to HIPAA policies and procedures and affects all Business Associate (BA) relationships. Under the HIPAA Omnibus Rule, BAs and even their subcontractors who have any contact with Protected Health Information (PHI) may now be responsible for penalties and breaches.

Many practices have yet to address the required changes to avoid exposure. Staff, doctors and security compliance officers must be educated regarding all of these adjustments. In the event of a HIPAA Security or Privacy problem, the penalties could increase for organizations that do not make the necessary updates to comply with HIPAA Omnibus.

Some key issues to consider are:

  • Who signs the BA and why?
  • Are your Notices of Privacy Practices (NPPs) up to date?
  • Do you monitor vendor protection of PHI?

To avoid penalties associated with a breach, you, your staff, your compliance officers and your BAs need to understand every aspect of the HIPAA Omnibus Rule, including the need to re-evaluate your Business Associate Agreements for appropriate language.