HB Ad Slot
HB Mobile Ad Slot
Countdown Begins for HIPAA Omnibus Rule Compliance
Wednesday, March 27, 2013

The HIPAA Omnibus Rule goes into effect today, which officially starts the clock for covered entities, business associates, and their subcontractors to begin updating their agreements, forms, policies, procedures, and practices to meet approaching compliance deadlines. Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance deadlines depend on whether there is a current agreement in place that meets regulatory requirements.  New BAAs and DUAs must comply with Omnibus Rule requirements by September 23, 2013; otherwise, BAAs and DUAs that only became non-compliant after the Office for Civil Rights (OCR) released the Omnibus Rule may remain in effect until September 22, 2014 (or until the applicable agreement renewal date).  All parties must still comply with the Breach Notification interim final rule requirements under the HITECH Act during the 180-day transition period between March 26th and September 23rd of this year. In the meantime, covered entities and business associates should be at least planning, if not undertaking, the following tasks:

  1. Preparing new, Omnibus Rule-compliant BAAs and DUAs in advance of contract renewal dates or the compliance deadline;

  2. Updating HIPAA policies and procedures and training materials;

  3. (Re)educating staff on their duties and responsibilities regarding protected health information and breach notification requirements; and

  4. Remaining alert for additional guidance from OCR.

Originally posted in Mintz Levin’s Health Law Policy Matters blog.

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins