September 23, 2013 is the deadline for complying with the new HIPAA regulations. Healthcare facilities and all of their business associates have been heeding HIPAA's rules and regulations for years, and as of September 23, entities that qualify as Business Associates, namely any subcontractor that handles protected health information (PHI), now need to be HIPAA compliant.
If your managed services business serves healthcare facilities, here is a brief outline of elements for HIPAA compliance. A list this short cannot cover every minute detail of the updated regulations. Rather, it is intended to provide a broad overview. For more resources, check out Continuum's HIPAA Resource Center.
HIPAA Compliance Overview
The new regulations reflect the increased role technology has in the medical field. For instance, patients will now have the right to request electronic copies of privacy policies.
Here are the things business associates should have completed by September 23, 2013, to bring the facility into compliance with the IT regulations.
A risk analysis assessment should have been conducted to determine the vulnerabilities and risks of
Encryption policies should have been updated
Portable electronic device policies should have been updated
All data should be encrypted and only sent over secure connections
Employee HIPAA Compliance Checklist
All the effort poured into encrypting data and writing policies will be pointless if employees do not follow the policies and heed the new regulations. Every employee of a business associate, regardless of his or her position, should be briefed on the new rules regarding PHI.
By now, your company should have:
Trained all employees on the new regulations
Documented every employee's training
Even though all employees have been trained, it may still be a good idea to hold a brief meeting to remind everyone of the new regulations going into effect.
No matter how well-prepared a facility is for the new regulations, there are bound to be breaches. People will make mistakes. The best way to handle a breach is to immediately address the issue, report it appropriately and take action as necessary.
Before a breach occurs, your company should have:
Clearly defined how breaches are to be reported and to whom
Purchased breach insurance
If all of these steps have already been addressed, then you should be prepared for the new HIPAA regulations. Ignoring these items will only lead to penalties; take action today to bring your managed services business into compliance with the new regulations.
Check out Continuum's HIPAA Resource Center for more information.
By Paula Griffin
By Meaghan Moraes