Nashville, Tenn (PRWEB) February 01, 2013
The Omnibus Final Rule was published in the Federal Register on Friday, January 25, 2013. To help professionals in the trenches convince the C-Suite that additional resources are needed, Clearwater Compliance is presenting the Top 8 Reasons Executives Need a HIPAA-HITECH Update Due to Omnibus Final Rule.
“Simply put, the Omnibus Final Rule is a business risk management game changer,” said Bob Chaput, CEO and Founder of Clearwater Compliance. “Companies have a lot of additional work to do to become and remain compliant by September 23, 2013.”
1. Significant Breach Notification Rule Changes. More incidents are likely reportable; companies need to update Policies & Procedures (PnPs) and develop a “compromise assessment” process.
2. Many Privacy & Security Rule Changes. Companies must make significant updates to PnPs.
3. Business associates (BAs), now including their subcontractors, are directly liable. Covered entities (CEs) are liable for the acts of their BAs that are agents, requiring greater monitoring by the CE/BA. Agreements must be modified with a focus on indemnification and the federal common law of agency.
4. HIPAA enforcement is dramatically moving to a penalty-based system. In some situations, there will be required HHS investigations and maximum penalties. Penalties place more emphasis on the progress of compliance programs.
5. Expanded Patients’ Rights. Requests for eCopies of any PHI stored electronically (and fewer days to respond to requests); certain requests for restrictions must now be honored and documentation maintained; more flexibility regarding requests for decedents’ health information.
6. New marketing rules around authorization for subsidized treatment communications. PnPs and forms must be updated.
7. Totality of HIPAA Changes. All Notices of Privacy Practices must be revised.
8. Compliance with new requirements is required without delay. Companies must complete a lot of work by September 23, 2013 in order to comply.
###
About Clearwater Compliance: http://clearwatercompliance.com
Clearwater Compliance, LLC, is all about and only about helping healthcare organizations and their service providers become and remain HIPAA-HITECH Compliant. Owned and operated by veteran, C-suite health care executives, Clearwater Compliance provides comprehensive, by-the-regs software and tools, risk management solutions, training, and professional services for small medical practices and healthcare startups to major healthcare systems, health plans and Fortune 100 companies. Since 2003, the company has served more than 250 organizations (including 100 hospitals). Find out more at clearwatercompliance.com.