After months of delay, compliance with the Health Insurance Portability and Accountability Act (HIPAA) Health Information Technology for Economic and Clinical Health (HITECH) Omnibus Final Rule goes into effect today. HIPAA Privacy and Security Rules are implemented by the Health and Human Services (HHS) Office for Civil Rights.
The Omnibus Final Rule was announced by HHS on January 17, 2013. According to the HHS press release, the Final Rule "expand[s] many of the requirements to business associates of [health care providers, health plans, and other entities that process insurance claims] that receive protected health information, such as contractors and subcontractors...Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation."
The Final Rule's safe harbor period, which ended today, gave covered entities and business associates 180 days to comply with stricter modifications which will be enforced by heavy fines. Time is of the essence for covered entities and business associates to take proper measures to comply with the new rules. It is imperative that entities review their relationships with covered entities, as the Final Rule expanded the definition of a "business associate" and entities that previously were not business associates, may be considered business associates with the implementation of the Final Rule. If an entity is a business associate with a covered entity, then certain obligations come into play, including the requirement that the business associate and covered entity enter into a business associate agreement that meets the requirements set forth in the Final Rule.
Since the inception of the HIPAA Privacy and Security Rules in 1996, Wachler & Associates has counseled providers and other covered entities of all sizes in HIPAA compliance. In order to attain compliance, providers should update security policies and procedures, business associate agreements, privacy policies and procedures, and HIPAA privacy notices. If your entity does not already have these procedures in place, Wachler & Associates can help you implement these important compliance measures. If you have any questions or require assistance implementing HIPAA policies and procedures for your organization, please contact an experienced healthcare attorney at 248-544-0888.