The long awaited HIPAA/HITECH Final Rule became effective March 26, 2013, but covered entities, business associates and subcontractors will have until September 23, 2013, to fully comply.
OCR Director Leon Rodriguez has made it clear that the Final Rule provides for the most sweeping changes to HIPAA since the Privacy and Security Rules were released. And, further, the Final Rule provides OCR with an opportunity to vigorously enforce compliance.
Compliance with HIPAA must be a top priority for every organization that creates, receives, maintains or transmits protected health information. To meet this need, BakerHostetler has developed a fixed-fee consultation service for organizations to gauge their compliance readiness for the HIPAA/HITECH Final Rule and remedy associated gaps.
- Issue identification review
After an initial one-hour collaborative meeting, BakerHostetler will undertake an issue identification review of the following OCR "hot buttons" for required elements under the HIPAA/HITECH Final Rule and applicable state laws: Data storage and data sharing practices, encryption programs, cyber liability insurance, risk assessment/risk management plans, policies and procedures, education and training, physician portals and Health Information Exchanges (HIEs) and special issues dealing with fundraising, clinical research and the Genetic Information Nondiscrimination Act (GINA).
- Document review and update
Our team will review covered entities' templates for business associate agreements and incident response plans and update them accordingly for compliance with the HIPAA/HITECH Final Rule.
- Risk assessment template
An outline for your privacy officer to use as a guide towards achieving compliance with the Privacy Rule.
- Compliance issue identification report
A written issue identification report with an overview of recommendations for correcting identified compliance gaps will be presented and discussed in an hour-long wrap-up meeting.