- Deadline for HIPAA Omnibus Rule Approaching: Help for Compliance
- August 9, 2013
- Law Firm: Holland & Hart LLP - Denver Office
The deadline for complying with the new HIPAA Omnibus Rule is September 23, 2013. Per our prior alerts and webinars, healthcare providers, other covered entities, and their business associates must take certain steps before then to ensure compliance, including the following:
- Covered entities should review existing relationships with business associates and execute or modify business associate agreements to ensure they contain the elements required by the new HIPAA Privacy and Security Rules. For information about the required elements, see our Checklist for HIPAA Business Associate Agreements.
- Business associates must now comply with the HIPAA Security Rule requirements found at 45 CFR part 164, subpart C. Among other things, business associates must ensure they have completed the required risk assessment and implemented the required administrative, technical and physical safeguards. They must also ensure they have practices in place to comply with business associate agreement terms relating to the HIPAA Privacy Rules.
- Covered entities must update their HIPAA privacy policies to incorporate new Omnibus Rule requirements, including those relating to the new breach notification standard; access to electronic information; limits on disclosures to health insurers; marketing; sale of protected health information; fundraising; and disclosures about deceased individuals.
- Covered entities must update their Notice of Privacy Practices to incorporate new terms, including new limits on disclosures and breach notification requirements.
- Covered entities and business associates must train members of their workforce concerning the new rules and policies, and document the training.
For more specific guidance, see our Health Law Update, HIPAA Omnibus Rule: Checklist for Compliance.
Help for Compliance. To help clients comply with the new Omnibus Rules, we have prepared an updated set of sample forms that health care providers and business associates may use as appropriate to their circumstances, including the following:
- Privacy Policies
- Breach Notification Policy
- Notice of Privacy Practices
- Business Associate Agreements
- Confidentiality Agreements
- Authorization for Disclosure of Protected Health Information
- Designation of Privacy and Security Officers
- Patient Requests to Access or Amend Information
- Accounting of Disclosure Log
- Sample letters to patients, persons seeking information, and in response to OCR investigation
- Checklists for compliance