It's a brave new world out there for business associates (BAs). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the OCR held off on any enforcement activities, that is, until recently.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.
HIM directors are responsible for the integrity of patients' records, even when a hospital shuts down certain wings of the facility or closes its doors entirely.
There is some common ground in the corrective action plans (CAP) that OCR has imposed on healthcare organizations it has investigated for HIPAA privacy and security deficiencies.
Quality of care is a top priority for HHS, CMS, OIG, and DOJ. It also has always been an issue for state surveyors, state attorneys general, and Medicaid Fraud Control Units as they examine skilled nursing facilities. In fact, quality of care is now part of the OIG's annual Work Plan.