Complying with the New Omnibus Rule

The final omnibus rule, which makes changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA), goes into effect March 26, and covered entities must be in compliance by September 23. The final rule was published in the Federal Register January 25th and contains the most changes to the HIPAA privacy and security rules since they were first implemented. These statutory changes were included in a section of the American Recovery and Reinvestment Act of 2009 known as the Health Information Technology for Economic and Clinical Health (HITECH) Act. This rule also finalizes changes required by the Genetic Information Nondiscrimination Act of 2008.

Medical and dental offices need to assess their compliance with these rules, which not only enhance a patient’s privacy rights and protections, but also strengthen the ability of the Office for Civil Rights (OCR) to enforce the established regulations, regardless of whether the patient health information is being held by a health plan, a healthcare provider or one of the physician’s or dentist’s business associates. For starters, you may need to modify your Business Associate Agreements and Notice of Privacy Practices. You should also evaluate the way you assess whether improper use or disclosure of personal health information should be considered a breach that would trigger official notification requirements spelled out in the rule. Tackling the challenging task of mapping out responsibility for carrying out your compliance work is more important now than ever before.

Assign Responsibility

  • Map out the privacy and security protocols and “tag” each with a person who will be responsible for seeing that it is carried out in your business
  • While the procedures may be defined, also make sure that your documentation of each procedure is complete and up to date
  • Look to build efficiencies into your process by utilizing computerized systems

Set Priorities

  • Focus on identifying all documentation and processes where changes need to be made, which includes privacy notices, policies, procedures, forms and documents
  • Establish staff training as a top priority
  • Determine who your business associates are and update your Business Associate Agreement with them

Good News

We are now offering assistance in helping you meet your compliance requirements and are excited to provide you with Healthcare Compliance Assistance. If you take advantage of this offer before the regulated deadline, you will have the VMDE Healthcare Team and Compliance Pros available to help you with the tasks you need to accomplish to achieve compliance with the new HIPAA Omnibus Rule.
