The Health Insurance Portability and Accountability Act’s (HIPAA) long-awaited new omnibus ruling requires that healthcare providers and their business associates alike pay serious attention. Moreover, to prevent future breaches in compliance and the resulting penalties, resources should be allotted to interpretation and implementation sooner rather than later.
The new rules expand the obligations of healthcare providers and their business associates in relation to patients’ protected health information (PHI) and increase the penalties for violations of any of these obligations. The American Medical Association (AMA) has outlined the following three areas to internally assess and update for procedural policy compliance:
- Privacy, Security, and Breach Notification policies and procedures (and in some cases, new workflows and forms)
- Notice of Privacy Practices (NPP); and
- Business Associate (BA) Agreements.
Physicians have until September 23, 2014, to bring all their business associate (BA) agreements into conformance with the new rules. BA agreements that have not been renewed or modified between March 26, 2013, and September 23, 2013, will be deemed compliant until the date the BA agreement is renewed or modified or until September 22, 2014, whichever is earlier.
With the potential for $1.5 million in fines and the danger of injury to professional reputations, internal IT Service and Asset Management providers in healthcare will need to develop and implement a compliance plan in a timely fashion.
HTG provides specific guidance in all three areas as a recognized national leader in HIPAA compliance. Contact us now for a HIPAA 2013 Omnibus Rule consultation.