September 23 is the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule compliance deadline. We have solutions and tools that may help you meet these changes now.
IF YOU ARE A COVERED ENTITY:
- Have you identified all Business Associates (BAs)? See our Identifying Business Associates under HIPAA analysis tool.
- Have you revised all Business Associate Agreements (BAAs) and entered into them with all BAs whose agreements expire before September 23, 2013, or with whom you do not have BAAs? See our Identifying Business Associates under HIPAA analysis tool.
- Have you drafted or revised your notice of privacy practices to comply with the final rule and posted it in your facility and on your website? See our HIPAA Privacy Assessment analysis tool or request our sample Notice of Privacy Practices.
- Have you appointed and trained a Privacy Officer and Security Officer? Request our sample Privacy and Security Policies and Procedures for Covered Entities.
- Have you developed forms, such as authorization forms and alternative means of communication forms? See our HIPAA Privacy Assessment analysis tool for more information on developing appropriate forms.
IF YOU ARE A BUSINESS ASSOCIATE:
- Have you appointed and trained a security officer? Request our sample Privacy and Security Policies and Procedures for Business Associates.
IF YOU ARE A COVERED ENTITY OR A BUSINESS ASSOCIATE:
- Have you entered confidentiality agreements with vendors and others who are performing work for you not involving PHI and obtaining satisfactory assurances they will not misuse or disclose the PHI? See our Identifying Business Associates under HIPAA analysis tool, or contact us for more information on confidentiality agreements.
- Have you performed a risk / gap analysis regarding your privacy and security practices and procedures? See our HIPAA Privacy Assessment and HIPAA Security Assessment analysis tools or request our sample Privacy and Security Policies and Procedures.
- Is your BAA clear about whether the Business Associate will provide patients with access to their PHI, and if so, are all parties clear about patients’ rights to access? See our HIPAA Patients’ Rights to Access Protected Health Records analysis tool.
- Have you determined applicability of Privacy Rule Administrative requirements and implemented policies, processes, and procedures that address such requirements and your risk / gap analysis, such as:
- Training your workforce
- Instituting sanctions for non-compliance
- Developing internal reporting processes and compliant anti-retaliation policies
See our HIPAA Privacy Assessment analysis tool or request our sample Privacy Policies and Procedures and HIPAA Training materials.
- Do you understand the HIPAA rules on communicating with patients, including when authorization is required for marketing? See our Using PHI to Communicate With Patients: Is It “Marketing” Under HIPAA? analysis tool.
- Have you developed a risk assessment tool for analyzing security incidents and potential breaches? See our HIPAA: To Report or Not To Report analysis tool.
- Have you checked into purchasing cyber liability insurance and/or considered requiring coverage from those with whom you contract under HIPAA? Contact us to learn more about cyber liability insurance and coverage.