September 23, 2013 is a compliance deadline for the new HIPAA rules. If you are in the healthcare field, here is a quick overview of what this means.
- Changed the data breach law. Loss of a device is presumed to be a breach, with few exceptions.
- Changed patient access to data requirements.
- Changed authorization requirements for sale of health info, and using it for marketing and fundraising.
- Genetic info cannot be used for underwriting.
- Business Associates are now required to follow similar safeguards & standards as Covered Entities. BA definition includes ‘non-Covered Entities but someone who does come in contact with PHI and ePHI’. The following are some examples: shredding companies, IT companies, lawyers, collections agencies, cloud vendors, online backup companies, etc.
- New Business Associate agreements will need to be put in place. Replace existing agreements by September 22, 2014.
We have found that many healthcare providers have not done a recent Risk Analysis; now would be a good time to do one. If you need help understanding what this means for your practice or business, please give us a call at 541-779-4777 and we would be happy to assist you.