With the HIPAA Omnibus Rule compliance deadline around the corner, it’s time to accelerate compliance measures and ensure that there is no scope for any breach. Reviewing contracts with business associates and subcontractors is a top-priority task. While enforcement of the HIPAA Omnibus Rule began almost a year ago, there’s one more important deadline quickly approaching for covered entities and business associates. Although all contracts signed after the Omnibus Rule was published in the Federal Register were to reflect the new requirements by September 23rd 2013, preexisting ones have until September 22nd 2014.
Taking Care of Unfinished Compliance Work
Covered entities, business associates, and subcontractors need to review existing business associate agreements and ensure that they are compliant with the HIPAA Omnibus requirements. With business associates and their subcontractors now directly liable for HIPAA compliance under HIPAA Omnibus, it is imperative that all business associate agreements factor in the new Omnibus provisions and, more importantly, the documentation of these policies and procedures. Healthcare compliance attorney Betsy Hodge advises revising and renegotiating agreements if they’re not compliant. Ensuring that policies are in place and documenting them should be one of the foremost tasks in this regard, particularly if the other party is the reason for the delay.
Breach Notification
Unless organizations prove that risks are low (through a four-factor assessment), the HIPAA Omnibus breach notification rule states that all security incidents are presumed to be reportable data breaches. Hodge states that some covered entities and business associates are skipping the analysis altogether by taking a more open view of disclosing breaches.
Making It Simple
Covered entities need to analyze their business associate agreements in detail for conformance to the final HIPAA Omnibus Rule before they reach the compliance deadline, to avoid huge penalties and stringent legal action. Healthcare enterprises need powerful HIPAA software solutions to assist them in developing a mature, repeatable and sustainable process for compliance. A comprehensive security and compliance management solution such as AegifySecureGRC can prove handy at this point, as it comes with built-in frameworks for compliance with all aspects of the HIPAA Omnibus Rule.