The Omnibus Rule became effective on March 26, 2013 and there were many changes. Most of those changes needed to be in effect on Sept. 23, 2013. However, Business Associate Agreements (BAAs) that were in place prior to Jan. 25, 2013 did not need to be updated until Sept. 22, 2014.
Sept. 22, 2014 is right around the corner. This is the time to confirm that all your BAAs have been updated and comply with the new requirements of the Omnibus Rule.
The final HIPAA Omnibus Rule that was published on Jan. 25, 2013 really increased the responsibilities of privacy and security of business associates and covered entities. One example is that a BAA must now have provisions about notifying a covered entity if there is a data breach.
The Omnibus Rule also put in place downstream responsibilities such as now requiring a business associate to have a BAA for their subcontractors who have access to PHI.
This is the time to do that last minute checking to make sure that if you are a covered entity you have identified all your subcontractors. Business associates need to make sure they have verified all their subcontractors. Once you are sure you have identified them you need to double check that you have the properly-updated Omnibus-ready BAA in effect.
Remember that documentation is the key if you are asked to provide information in an audit. Also, did I mention that Sept. 22, 2014 is right around the corner?
No related posts.