Top 8 Reasons Your Healthcare Clients Need a HIPAA-HITECH Update Due to Omnibus Final Rule

By Stuart R. Crawford
In MSP Coaching
March 19, 2013


For our US VIP members

Thanks to our colleagues at the Clearwater Compliance team, who have provided information on what to speak to our healthcare clients about when discussing HIPAA compliance.

Download the complete Omnibus Final HIPAA rule.

Are you speaking to your healthcare clients about the risks?

  1. Significant Breach Notification Rule changes: more incidents likely reportable; need to update Policies & Procedures (PnPs) and develop a “compromise assessment” process
  2. Many Privacy & Security Rule changes: significant updates needed to PnPs
  3. BAs (now including their subcontractors) are directly liable: Covered Entities are liable for the acts of their BAs that are “agents”, requiring greater monitoring by the CE/BA; agreements must be modified with a focus on indemnification and the federal common law of agency
  4. HIPAA enforcement dramatically moving to penalty-based: required HHS investigations and maximum penalties in certain situations; penalties put more emphasis on progress of compliance programs
  5. Expanded patients’ rights: requests for eCopies of any PHI stored electronically (and fewer days to respond to requests); certain requests for restrictions must now be honored and documentation maintained; more flexibility regarding requests for decedents’ health information
  6. New marketing rules around authorization for subsidized treatment communications: PnPs and forms need to be updated
  7. Totality of HIPAA changes: all Notices of Privacy Practices must be revised
  8. Compliance with new requirements is required without delay: lots of work to complete by September 23, 2013
