Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective. If, for instance, a computer with PHI of 3000+ patients was stolen from a small practice, it was the […]
When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.” The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI.
“The times they are a changin’,” Bob Dylan sang in the Sixties. And they still are, especially when it comes to HIPAA and its regulations regarding Business Associate Agreements. The Omnibus Rule that went into effect in September of 2013 makes it clear that business associates of healthcare practices now have to comply with many
Just now, out of curiosity, I Googled the words “HIPAA compliance checklist.” Within .20 seconds I got 2,470,000 results. Page after Google page of businesses, legal firms, healthcare organizations, and government agencies offering everything from “Ten-Point HIPAA Checklists” to “$89 Compliance Checklists.” The appeal of such lists is undeniable. Knowing what I know about HIPAA