The new HIPAA regulations become effective on September 23, 2013. Many health care providers have been focused on revising business associate agreements and getting them signed up. Keep in mind that new business associate agreements are only one of several changes mandated under the HIPAA Omnibus Rule. If you haven’t done so already, now is the time to take the other actions necessary to comply by the deadline.

As a health care provider, your “to do” checklist should include the following:

1. Update policies:
   • Breach Notification
   • Notice of Privacy Practices
   • Right to Request Restrictions on Disclosures of PHI
   • Right to Access
   • Uses and Disclosures: deceased individuals; immunization records/schools; marketing; fundraising; sale of PHI
   • Authorizations for research purposes
   • Business Associates and Subcontractors
        
2. Update related forms and documents, including:
   • Notice of Privacy Practices
   • Business Associate Agreement
        
3. Enter into new business associate agreements
      
4. Post and distribute new Notice of Privacy Practices
      
5. Finally, if you haven’t thought about HIPAA in awhile:
   • Confirm you have HIPAA security policies addressing safeguards for electronic PHI
   • Conduct a security risk assessment
   • Confirm that you have a HIPAA breach notification policy   

LINKS

• The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
• HIPAA Omnibus Rule