Tick, Tock: Less than 60 Days to Comply with Updated HIPAA/HITECH Rules

more+
less-

There are now less than 60 days left for covered entities and business associates to implement provisions set forth in the final omnibus HIPAA/HITECH rules issued by the U.S. Department of Health and Human Services (HHS) in January 2013.  Preparation will require updating of applicable policies, procedures, and training by September 23, 2013.  Business associate agreements (BAAs) entered into on or after January 25, 2013 must also be updated by September 23, 2013. Given increased enforcement activity and breach risk, many covered entities are updating BAAs executed before January 25, 2013 now, prior to the later deadline of September 22, 2014.  In addition, all of the Security Rule and most of the Privacy Rule will now apply directly to business associates, requiring them to implement appropriate administrative and security safeguards.  Those same requirements must also be applied to subcontractors.  Among the most impactful of the changes was HHS’s decision to lower the standard for breach notification by eliminating the “harm threshold”.  Now, rather than weighing the potential harm to the individual to determine if notification is required, unless one of the three narrow exceptions to the rules apply or the covered entity completes the required risk assessment to demonstrate a “low probability” of risk that the information was actually compromised, there will be a presumption of breach.  The result of this lowered standard will be an increase in breach notifications, so covered entities should scrutinize applicable terms in their BAAs, update their incident response procedures, and consider appropriate insurance to address potential costs.  Additional information on these breach notification updates is provided in our earlier alert
 
 

 


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising

Written by:

more+
less-

Poyner Spruill LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.
×
Loading...
×
×