Several colleagues and I recently wrote Health Reform: Key Compliance Actions for the New HIPAA Privacy Regulations, an alert published by the Implementing Health and Insurance Reform team of Epstein Becker Green.
In it, we summarized areas in which employers should consider taking action prior to September 2013 to facilitate compliance with the new requirements. Here are our top five action items for covered entities and business associates to focus on in their Omnibus Rule compliance efforts:
- Review Business Associate Relationships, and Update Business Associate Agreements;
- Evaluate Compliance with Heightened Safeguard Requirements;
- Update Notices of Privacy Practices;
- Update Privacy Policies and Procedures; and
- Update Policies Regarding Determination of Breaches of Unsecured PHI.
The following is an excerpt from the alert:
In light of the Omnibus Rule’s new requirements, business associates and covered entities should strongly consider reviewing their existing HIPAA privacy and security practices, including compliance policies and business associate agreements. While the Omnibus Rule takes effect on March 26, 2013, affected parties have until September 23, 2013, to come into compliance with most of its provisions. This alert reviews several of the regulatory changes and suggests action items to facilitate compliance with the new requirements.