Covered entities and business associates have until September 23, 2013 to be compliant with the final omnibus rule that made sweeping changes to the privacy, security, enforcement, and breach notification rules under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Will you be compliant by September 23, 2013?
We have compiled a list of "must do" items to complete by September 23, 2013. While this list is by no means exhaustive, it will start you down the path to HIPAA compliance:
- Covered entities and business associates must perform a risk assessment;
- Covered entities must revise and redistribute their notice of privacy practices;
- Covered entities and business associates must update form business associate agreements and redistribute them as applicable;
- Covered entities and business associates must examine existing business relationships to determine if a business associate agreement is required;
- Business associates must have business associate agreements in place with necessary subcontractors;
- Covered entities must revise their HIPAA authorization form;
- Covered entities and business associates must revise their breach notification policies and procedures; and
- Covered entities and business associates must train their employees on new or revised HIPAA policies and procedures.
© 2016 Ward and Smith, P.A.
This article is not intended to give, and should not be relied upon for, legal advice in any particular circumstance or fact situation. No action should be taken in reliance upon the information contained in this article without obtaining the advice of an attorney.