HIPAA Checklist From Healthcare Law Firm

May 30, 2013

Yet another reminder from a healthcare law firm that the new Omnibus rules are in place and the deadline is September 23, 2013. Of course, if you have business associate agreements, those are in effect now.

Here is their checklist (I added the bolding):

  • Update your Notice of Privacy Practices and your HIPAA policies and procedures impacted by the new HIPAA requirements.
  • Update your business associate agreement forms to comply with the new HIPAA requirements and confirm you have business associate agreements in place with all business associates (e.g., IT vendors, coding consultants, billing companies, attorneys, auditors).
  • If you are a business associate, make sure that you have subcontractor business associate agreements in place with the necessary subcontractors and that you understand your newly imposed liability for compliance with HIPAA.
  • Ensure you have all required HIPAA privacy and security policies in place and that these policies are effective and enforced.
  • Perform a risk assessment of your organization’s information security and set up reasonable safeguards as necessary.
  • Provide periodic training to personnel on your updated HIPAA policies and procedures.
  • Perform ongoing monitoring of compliance with HIPAA privacy and security policies and take corrective actions if you detect non-compliance or ineffective processes.
  • When the organization’s HIPAA policies and procedures are violated or a data breach occurs, take appropriate and prompt corrective actions, and document the actions taken.

This includes monitoring of your business associates, whether you are a covered entity or a business associate yourself. Take a look at www.compliancehelper.com/batracker

OCR scrutiny continues – are you ready for the September deadline? Thompson Coburn LLP

http://www.thompsoncoburn.com/Libraries/Alerts/OCR_Scrutiny_Continues_-_Are_You_Ready_For_the_September_Deadline.pdf#page=1

