Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HITECH / HIPAA Newsletter September 2013 Archive


HITECH Act Compliance is a Team Sport:  Is your team Omnibus Rule ready?

 September  2013 Issue No.  45
In this Issue
Products now available in the HSG Store
Impact of the HIPAA Omnibus Rule: Reading the Tea Leaves?
HITECH Switch OnProducts now available in the HSG Store. 


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

 

 Buy Now...  

 

 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 

Buy Now...

The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.

Buy Now...

HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH  Training Module and the HITECH and HIPAA Compliant  Training Module all in one Combo Package.  Buy all 4 for a little more than than the price of 3

 Buy Now...
Quick Links

Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources
HIPAA Survival Guide Store Overview
HIPAA Survival Guide Store Overview

Cloud, Social Media, and Mobile Checklist Product Overview
Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview
Breach Notification Framework Product Overview

HSG Logo 
 
Dear Carlos,

Welcome to our September 2013 HITECH / HIPAA Compliance Newsletter.  

 

Our article this month is entitled: Impact of the HIPAA Omnibus Rule: Reading the Tea Leaves?

 

We have written about the Omnibus Rule ("Rule") on numerous occasions, most recently here and here. However, this month's article will focus less on the specific contents of the Rule and more on the impact it is likely to have on the healthcare industry going forward. The implementation date of the final rule (i.e. September 23, 2013) is fast approaching and yet many within the healthcare industry remain befuddled as to what this implementation date portends.

 

FREE HIPAA Omnibus Rule Webinar

 

Due to overwhelming demand we are offering our Omnibus Rule Webinar again in a couple of weeks.

 

Webinar Description

 

This Webinar will provide a detailed summary of the changes introduced by the Omnibus Rule and clarify a number of misconceptions regarding it. It will also discuss the likely impact of the Rule going forward.

 

Date/Time

 

Thursday, September 12, 2013 2:00 PM - 3:00 PM EDT

 

Registration

 

Click here to register.

 

Only one hundred seats are available so login in early if you want to attend.

 

HSG Subscription Plan Front Cover We are pleased to announce Release 1.0 of our Subscription Service which is available for purchase in our new HIPAA Survival Guide Store along with our suite of Omnibus Rule Ready™ products. Our product suite has been updated to reflect Omnibus Rule modifications.

 

Our Subscription Service and products provide policies, processes, and tracking mechanisms to help covered entities and business associates deliver visible, demonstrable evidence of HIPAA compliance. The HIPAA Rules tell you what is required in order to comply; our Products provide best practice step-by-step guidance to help you meet your compliance objectives.

HSG Announcements
Webtones PointerIn addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).
 
HIPAA Training  

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape. 

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  
Twitter

Become a Fan
Follow us on FaceBook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.



Main_Article Impact of the HIPAA Omnibus Rule: Reading the Tea Leaves?
Webtones Pointer We have written about the Omnibus Rule ("Rule") on numerous occasions, most recently here and here . However, this month's article will focus less on the specific contents of the Rule and more on the impact it is likely to have on the healthcare industry going forward. The implementation date of the final rule (i.e. September 23, 2013) is fast approaching and yet many within the healthcare industry remain befuddled as to what this implementation date portends.
 
One thing is certain, the "long slow walk" of rolling out the HITECH Act regulations is mostly over. The Omnibus Rule puts a HITECH "bow and tie" on HHS rule making with final changes to the following four HIPAA rules:
  1. The Enforcement Rule;
  2. The Breach Notification Rule;
  3. The Privacy Rule; and
  4. The Security Rule.

And with that, HHS' HITECH heavy lifting is over. To be sure, there still remains some consequential rule making on HHS' plate. For example, the methodology for determining who gets audited and how patients will participate in fines generated through their complaints are still as yet undefined. Although more than "mere details," these latter issues do not lie at the heart of the HITECH Act.

 

HITECH / HIPAA NewsletterEnhanced Enforcement


There are many reasons to expect that HHS will start cranking up its enforcement efforts. First of all, the HITECH Act provides tools for enhanced enforcement as a substantive part of the statute. Second, the U.S. government is desperate for revenue, and the HITECH Act provides HHS a self funding mechanism in 13410(c). Third, there is no presidential election looming, at least not for the sitting president. Finally, Washington as a whole, as dysfunctional as it may be, has a legitimate cybersecurity concern in protecting the nation's critical infrastructure. There's more or less a consensus that the healthcare industry lags other industries in implementing privacy and security safeguards (e.g. financial services).

  

Key Contract Sections Compliance as a Marketplace Differentiator?

 

The Omnibus Rule most directly impacts business associates because their "get out of jail FREE" card expires on September 22, 2013. Business associates ("BAs") are just now starting to wakeup en masse and are beginning to realize that the bar has been set much higher with respect to doing business with covered entities ("CEs"). The liability exposure for CEs, in terms of both financial and reputational loss, dramatically increases under the HITECH Act. You can expect that few CEs will be as cavalier as they may have been in the past with their business associate agreements ("BAAs"). 

 

Expect innovative BAs to start using compliance as a marketplace differentiator as competition for CE business heats up. Offshore companies may be at a competitive disadvantage unless they can demonstrate their bonafides in the privacy and security space and ease CE concerns regarding non-compliance. Although offshore BAs don't need to comply with U.S. law, CEs will nonetheless put them "on the hook" contractually through BAAs and perhaps even demand increased indemnification. Expect to see BA consolidation and leading offshore nations lending support to the BA community in order to prevent lost business due to the inability to harmonize local law with U.S. law.

 

Read More...

About Us
HITECH Puzzles3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903


Contact us today

CLICK HERE!