HIPAA Implementation Deadline Date is September 23, 2013 - Are You Ready?
A Health Care Client Alert
09/04/13
In January 2013, the Department of Health and Human Services (HHS) published a long awaited omnibus final rule with modifications and clarifications to the Health Information Technology for Economic and Clinical Health Act (HITECH) and the Health Insurance Portability and Accountability Act (HIPAA). Compliance with most of the provisions is required by September 23, 2013.
The final rules consist of: (1) final modifications to the HIPAA Privacy, Security and Enforcement Rules mandated by HITECH; (2) official incorporation of the increased and tiered civil money penalty structure provided by HITECH; (3) modification to the breach notification rules for unsecured Protected Health Information (PHI) under HITECH (which replaces the breach notification rule’s ‘‘harm’’ threshold with a more objective standard); and (4) modifications to the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes.
This effective date is less than a month away. Your compliance checklist should include the following:
- Notices of Privacy Practices almost certainly need to be updated.
- Breach notification policies and practices likely need to be updated. Any acquisition, access, use, or disclosure of unsecured PHI not permitted under HIPAA is presumed to be a breach unless a covered entity or business associate can demonstrate a low probability that the PHI has been compromised.
- Business associate agreements may need to be updated.
Bodman can help your organization review and develop policies and procedures that meet your needs and provide practical advice. If you would like to discuss these or any other legal issues affecting your organization, please contact the chair of our Health Care Practice Group, Bill Shipman, at (313) 393-7562 or wshipman@bodmanlaw.com.