What does this mean to healthcare and those working with healthcare facilities? How can your local healthcare focused IT Service team help?
The HIPAA Omnibus Rule has officially gone into effect. Covered Entities and Business Associates, including their subcontractors, must begin updating their agreements, forms, policies, procedures and practices to meet approaching compliance deadlines.
Business Associates Agreement and Data Use Agreement compliance deadlines depend on if there is a current agreement in place that meets regulatory requirements.
New BAAs or DUAs must comply with Omnibus Rule requirements by September 23, 2013.
BAAs or DUAs that only became Non-Compliant have until September 22, 2014 or until the applicable agreement renewal date.
All entities must still comply with the Breach Notification Interim File Rule requirements under the HITECH act during the 180 day transition period between March 26 and September 23, 2013.
In the meantime, covered entities and business associates should be planning if not undertaking the following tasks:
- Prepare new, Omnibus rule-compliant BAAs and DUAs in advance of contract renewal dates or the compliance deadlines.
- Updating HIPAA policies and procedures and training materials.
- Re-educate all staff on their duties and responsibilities regarding protected health information and breach notification requirements.
- Remaining alert of any other additional guidance from the OCR.
Have questions? Speak with us about your healthcare information, data backup solution and any other IT solutions for your healthcare practice or, if your business works with healthcare, talk to us about what you need to do right now.
We are your healthcare-focused IT Service professionals and HIPAA risk analysis experts.