September 23, 2013 is the deadline for complying with the new HIPAA regulations.  Healthcare facilities and all of their business associates have been heeding HIPAA's rules and regulations for years, and as of September 23, entities that qualify as Business Associates, namely any subcontractor that handles protected health information (PHI), now need to be HIPAA compliant.



If your managed services business serves healthcare facilities, here is a brief outline of elements for HIPAA compliance. A list this short cannot cover every minute detail of the updated regulations. Rather, it is intended to provide a broad overview.  For more resources, check out Continuum's HIPAA Resource Center.


HIPAA Compliance Overview

The new regulations reflect the increased role technology has in the medical field. For instance, patients will now have the right to request electronic copies of privacy policies. 

Here are the things business associates should have completed by September 23, 2013, to bring the facility into compliance with the IT regulations.

check-orangeA risk analysis assessment should have been conducted to determine the vulnerabilities and risks of
      electronic PHI

check-orangeEncryption policies should have been updated

check-orangePortable electronic device policies should have been updated

check-orangeAll data should be encrypted and only sent over secure connections


Employee HIPAA Compliance Checklist

All the effort poured into encrypting data and writing policies will be pointless if employees do not follow the policies and heed the new regulations. Every employee of a business associate, regardless of his or her position, should be briefed on the new rules regarding PHI. 

By now, your company should have:

check-orangeTrained all employees on the new regulations

check-orangeDocumented every employee's training

check-orangeEven though all employees have been trained, it may still be a good idea to hold a brief meeting to
      remind everyone of the new regulations going into effect


Recovery Checklist

No matter how well-prepared a facility is for the new regulations, there are bound to be breaches. People will make mistakes. The best way to handle a breach is to immediately address the issue, report it appropriately and take action as necessary. 

Before a breach occurs, your company should have:

check-orangeClearly defined how breaches are to be reported and to whom

check-orangePurchased breach insurance

If all of these steps have already been addressed, then you should be prepared for the new HIPAA regulations. Ignoring these items will only lead to penalties; take action today to bring your managed services business into compliance with the new regulations.


Check out Continuum's HIPAA Resource Center for more information.

HIPAA Resource Center