With the HIPAA Omnibus Rule taking effect on March 26, the clock is running for covered entities and business associates to meet the Sept. 23 compliance date. Experts offer four tips for staying on track.
Healthcare organizations signing new deals with vendors, including many cloud services providers, must make sure that their business associate agreements reflect the new HIPAA Omnibus Rule's requirements.
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
How are business associates affected by the HIPAA Omnibus Rule? Susan McAndrew of the HHS Office for Civil Rights outlines the relevant provisions and offers compliance advice to covered entities and their partners.
CIOs need to go beyond a short-term focus on securing individual systems and take a broader, long-term view on privacy and security issues, says Harry Greenspun, M.D., of the Deloitte Center for Health Solutions.
The HIPAA Omnibus Rule could play an important role in improving the security of medical devices that store patient data, says an official with the agency that enforces HIPAA. Find out what part the rule could play.
Preparing for compliance with the privacy and security provisions of the HIPAA Omnibus Rule and the HITECH Act electronic health record incentive program go hand-in-hand, says federal privacy officer Joy Pritts.
Patient portals can fulfill some regulatory requirements related to providing individuals with electronic access to their medical records. But privacy and security concerns must be addressed, two experts say.
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.