Are You Ready for the 9/23/13 HIPAA Omnibus Deadline!?
by Leigh-Ann Renz, 9.8.13
We’ve been talking about it for a while: the 563 page HIPAA Omnibus revision that went into effect on January 17, 2013 and that you must be compliant with by September 23, 2013.
To recap the highlights what this means for your mental & behavioral health care practice:
- Update your Notice of Privacy Practices (NPPs)—check out the details for your practice.
- Update your contracts with Business Associates (BAs).
- Make sure your clients’ private health information (PHI) is protected, on all devices and with all staff.
- Conduct a Risk Assessment, including analyzing and organizing the data in case of a breach.
- Have office policies in place to address the new rule that allows individuals to restrict PHI disclosures to their health plan if services are paid for out of pocket. This is especially important for mental & behavioral health care providers, whose clients may wish to keep their mental PHI private.
- Update your incident response and breach notification processes to incorporate the change from a “risk of harm” standard to a “presumption of breach standard”.
Click here for details about the above or here to access our HIPAA Resource Center. Have a specific question about HIPAA? Send it to us, and we’ll pass it along to our HIPAA experts and PIMSY Advisory Board members. Sept 23rd is right around the corner, and while the resources offered can help, it’s every practice’s task to make sure they are compliant.