Reminder: Compliance with new HIPAA regulations due this month!
When new HIPAA regulations were introduced this year, covered entities were provided with 180 days from the date the final rule became effective (March 23) to make some changes. The 180th day for this compliance period is Sept. 23, 2013. If you are a covered entity as defined by HIPAA, and haven’t made any changes to your HIPAA documents or policies, now is the time.
The new regulations make some key changes to the current law.
A brief overview of the changes you should be making:
· Business Associates of covered entities will be required to comply with many of the HIPAA Privacy and Security regulations in regards to the information they receive from the covered entity. Business Associate Agreements (BAA) should be updated to reflect this change:
- If the covered entity had a BAA in place before Jan. 25, 2013 and that BAA was not renewed between March 26, 2013 and September, that agreement can continue until September 2014.
- If the covered entity did not have a BAA in place or renewed a BAA between March and September of this year, the new BAA should be in place by September 23.
· Changes were made to the current HITECH Breach Notification requirements, so HIPAA Privacy Policies and breach notification procedures should be updated accordingly.
· Changes were made to the way in which PHI can be used for marketing, so Policies and training materials should be updated.
· Changes were made to individual rights, so Notices of Privacy Practices need to be updated.
The complete final regulations can be found here: http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf.