Top 8 Reasons Your Healthcare Clients Need a HIPAA-HITECH Update Due to Omnibus Final Rule
Stuart R. Crawford / Stuart Crawford
For our US VIP members
Thanks to our colleagues at the Clearwater Compliance team, who have provided information on what to speak to our healthcare clients about when discussing HIPAA compliance.
Are you speaking to your healthcare clients about the risks?
- Significant Breach Notification Rule changes → More incidents likely reportable; need to update Policies & Procedures (PnPs) and develop “compromise assessment” process
- Many Privacy & Security Rule Changes → significant updates needed to PnPs
- BAs (now includes their subcontractors) are directly liable → Covered Entities are liable for the acts of their BAs that are “agents”, requiring greater monitoring by the CE/BA → Agreements must be modified with focus on indemnification and federal common law of agency
- HIPAA enforcement dramatically moving to penalty-based → Required HHS investigations and maximum penalties in certain situations; penalties put more emphasis on progress of compliance programs
- Expanded Patients’ rights → Requests for eCopies of any PHI stored electronically (and fewer days to respond to requests); certain requests for restrictions must now be honored & documentation maintained; more flexibility regarding requests for decedents’ health information
- New marketing rules around authorization for subsidized treatment communications → PnPs and forms need to be updated
- Totality of HIPAA Changes → all Notices of Privacy Practices must be revised.
- Compliance with new requirements is required without delay → lots of work to complete by September 23, 2013