HIPAA Omnibus Final Rule – Jan 2013

by | May 13, 2013 | Blog

September 23, 2013 is a compliance deadline for the new HIPAA rules. If you are in the healthcare field, here is a quick overview of what this means.

  • Changed the data breach law. Loss of device presumed to be a breach, few exceptions.
  • Changed patient access to data requirements.
  • Changed authorization requirements for sale of health info, and using it for marketing and fundraising.
  • Genetic info cannot be used for underwriting.
  • Business Associates are now required to follow similar safeguards & standards as Covered Entities. The BA definition includes ‘non-Covered Entities but someone who does come in contact with PHI and ePHI’. The following are some examples: shredding companies, IT companies, lawyers, collections agencies, cloud vendors, online backup companies, etc.
  • New Business Associate agreements will need to be put in place. Replace existing agreements by September 22, 2014.

We have found that many healthcare providers have not done a recent Risk Analysis; now would be a good time to do one. If you need help understanding what this means for your practice or business, please give us a call at 541-779-4777 and we would be happy to assist you.