Health care providers, plans, other covered entities and their business associates should be in the final stages of making necessary changes to policies, procedures and agreements to comply with the September 23, 2013, effective date of the Omnibus Final Rule, released on January 17, 2013 (78 Fed. Reg. 5566 (Jan. 25, 2013)) amending the Health Insurance Portability and Accountability Act (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act. The new rules require entities to make changes to their HIPAA Notice of Privacy Practice and business associate agreements as well as retrain their workforce on the revised policies. Some of the more significant changes, effective September 23, 2013, include an expansion of the definition of business associate to include subcontractors and the imposition of direct liability for civil money penalties and criminal penalties upon business associates. Additionally, covered entities may no longer receive cash or other remuneration for marketing communications made for a third party’s products and services.
With the recent high profile privacy and security lapses, it is anticipated that the Office of Civil Rights will be taking a hard enforcement line regarding the changes. Make sure that you are prepared.Follow us on for more content updates