It's a brave new world out there for business associates (BA). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the OCR held off on any enforcement activities. That is, until recently.
The September 23 compliance deadline for most of the provisions of the HIPAA omnibus rule has come and gone. But for covered entities (CE) and business associates (BA), now is not the time to take your foot off the gas pedal.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.
HIM directors are responsible for the integrity of patients' records, even when a hospital shuts down certain wings of the facility or closes its doors entirely.
There is some common ground in the corrective action plans (CAP) that OCR has imposed on healthcare organizations it has investigated for HIPAA privacy and security deficiencies.