by Vlad Hurduc
September 14, 2014
Enforcement of the HIPAA Omnibus Rule began one year ago, but another very important deadline is quickly approaching. Effective September 22, 2014, all business associate agreements need to comply with the HIPAA Omnibus Rule, so make sure that all your written agreements are in line with new Omnibus Rule requirements. Begin by identifying all of your business associate contractor/vendor relationships and, if you are a business associate, re-examine any contractor/vendor relationships you have which involve disclosure of protected health information (PHI).
These are the most sweeping changes since the HIPAA Privacy and Security Rules were first implemented. The Department of Health and Human Services now has a greater opportunity to enforce compliance with the new rule.
Business associates and subcontractors are now directly liable for HIPAA compliance, so all business associate agreements need to be re-examined. If any agreements are non-compliant, you should renegotiate and revise them before the September 22 deadline. Times is limited, but you should still document your efforts even if you can’t meet the deadline. This is especially important if another party is causing a delay in the renegotiations.
There is less than a week left until the deadline, so you need to take direct action, if you haven’t done so already, to meet compliance.