Are you starting your HIPAA Omnibus Preparations?
The HIT Security blog is a great resource for HIPAA related information. Are you following it? Click here to check them out.
We recently read one of their articles on meeting HIPAA compliance deadlines. It was filled with great advice on what your business or healthcare practice should do now to meet important HIPAA compliance deadlines.
Important for all healthcare facilities and business serving healthcare to read!
If you are a HIPAA Covered Entity you need to be sure all your business associates and all of their subcontractors that may come in contact with protected healthcare information commit to achieving full HIPAA compliance by September 23, 2013. Even though your business associates are responsible for their own HIPAA violations, you are still responsible for your business associates and your healthcare organization can be at risk if they fail to comply.
If your business associates fail to meet HIPAA compliance requirements or have no plans to meet the requirements, it is time to replace them now with those who are.
Many business associates are waiting on their attorneys to offer advice and many are waiting long periods for attorneys to draw up documents outlining the boundaries of liability.
We would like to share some important questions that the team at HIT Security shared in their blog.
HIPAA Deadline Questions Covered Entities Should Ask their Business Associates
- Are you aware that the services you provide mean that you are a HIPAA Business Associate?
- Are you willing to sign an updated Business Associate Agreement that includes the new provisions of the HIPAA Omnibus Final Rule?
- Will you have a full compliance program in place by the September 23, 2013 deadline? How will you accomplish this?
- Are you willing to divulge to us the names and roles of all of your subcontractors, and their subcontractors, who see or maintain our protected data, by (your deadline)?
- We will require evidence that you and all of the subcontractors are implementing compliance prior to the September deadline, or we will be forced to find a vendor who will comply. When will you be able to provide evidence you are working towards compliance in the following areas:
- Written Policies
- Documented HIPAA-compliant procedures
- Workforce training
- HIPAA-compliant workflows
- Documentation of your work to provide evidence of compliance for an audit or data breach investigation
6. We may require an independent audit, at your expense, of your compliance as a requirement for you to continue as our vendor. Will you agree to this?
Get all answers clearly and in writing. If the answer is NO to any of the questions, you have no choice but to escalate your concerns to your vendor’s executive to be sure they are aware that you will have no choice but to replace them. Also let them know that they are business associates and you and the government hold them responsible even if they do not want to comply. Start interviewing their competitors and select one that will comply.
September 23rd will be here before we know it. Have our team help you find the right HIPAA compliant business associate to help your business. We are here to help you.
Our IT Professionals can help you prepare for the IT side of your HIPAA requirements. Give us a call today and lets discuss your current I.T. service requirements and how our team can help.