Resource:

HIPAA Final Omnibus Rule Playbook: Winning the Compliance Game

Tool

Challenge: Care Continuum  Clinical Integration  

Content provided by AHA Endorsement partner: ID Experts

With 94% of health care organizations having suffered data breaches, at a cost of $7 billion a year, every organization needs guidance on how to comply with all major aspects of all HIPAA-HITECH Privacy, Security and Breach Notification Rules. This is your ticket to winning the compliance game.

Data breaches risk the medical and financial well-being of your patients (or members if you are a health plan), and the credibility and future business of healthcare organizations.

At the same time, federal and state governments are issuing even more regulations in response to the growing public concern and eroding public trust over the protected health information (PHI) breach epidemic. The most sweeping of these regulations is the long-awaited HIPAA Final Omnibus Rule.

Published in the Federal Register on January 25, 2013, by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the HIPAA Final Omnibus Rule reflects landmark legislation that affects nearly every aspect of patient privacy and data security. It encompasses a number of changes, including:

  1. Modification of the HIPAA Privacy, Security, and Enforcement Rules to include HITECH requirements
  2. Modification of the Breach Notification Rule
  3. Modification of the HIPAA Privacy Rule regarding the Genetic Information Discrimination Act of 2008
  4. Additional modifications to the HIPAA Rules

 

HIPAA covered entities (CEs) must overcome daunting challenges — lack of time, resources, and expertise — to win the compliance game. With HHS Office for Civil Rights imposing more severe penalties for violations, covered entities need to take the offensive and plan for victory now. The coaching staff at ID Experts assembled this comprehensive playbook to guide privacy and information security professionals to compliance. The “plays” we’ve developed encompass all major aspects of the Final Rule — HIPAA-HITECH Privacy, Security, and Breach Notification Rules — and how you need to manage your business associates based on new guidelines.

We’ve chosen these plays to help covered entities with limited time and resources identify key aspects of the Final Rule and plan for compliance by the September 23, 2013, deadline—and beyond. The checklist below outlines the requirements of the Final Rule and the plays you should make to protect your team, avoid penalties, and win the compliance championship.

Download the play book now!