HIPAA — Countdown to New Regulations

published in McAfee & Taft Healthcare Industry Alert | August 29, 2013

By Patricia Rogers

The new HIPAA regulations become effective on September 23, 2013. Many health care providers have been focused on revising business associate agreements and getting them signed up. Keep in mind that new business associate agreements are only one of several changes mandated under the HIPAA Omnibus Rule. If you haven’t done so already, now is the time to take the other actions necessary to comply by the deadline.

As a health care provider, your “to do” checklist should include the following:

  1. Update policies:
    • Breach Notification
    • Notice of Privacy Practices
    • Right to Request Restrictions on Disclosures of PHI
    • Right to Access
    • Uses and Disclosures: deceased individuals; immunization records/schools; marketing; fundraising; sale of PHI
    • Authorizations for research purposes
    • Business Associates and Subcontractors
  2. Update related forms and documents, including:
    • Notice of Privacy Practices
    • Business Associate Agreement
  3. Enter into new business associate agreements
  4. Post and distribute new Notice of Privacy Practices
  5. Finally, if you haven’t thought about HIPAA in awhile:
    • Confirm you have HIPAA security policies addressing safeguards for electronic PHI
    • Conduct a security risk assessment
    • Confirm that you have a HIPAA breach notification policy

If you have any questions about HIPAA, please do not hesitate to contact any of our healthcare lawyers.

This alert has been provided for clients and friends of McAfee & Taft A Professional Corporation. It does not provide legal advice, and is not intended to create a lawyer-client relationship. Readers should not act upon information in this alert without seeking professional counsel.

Featured Industry