|
|
As you’ve undoubtedly heard by now, the U.S. Department of Health and Human Services has finalized the omnibus privacy and security rules under the Health Insurance Portability and Accountability Act (HIPAA). The revised rules, which were released in mid-January, were first introduced for comment in the summer of 2010. (See “HHS Finalizes Changes to HIPAA Privacy and Security Rules,” p. 8.) Since 2010, Storage & Destruction Business magazine and the associations serving the records and information management (RIM) industry—PRISM International and the National Association for Information Destruction (NAID)—have provided numerous articles and educational sessions about how RIM service providers should prepare for the pending changes. And now that the rule is final, you’ll be hearing more on the topic from all three sources. This issue of SDB, for instance, features an article by Lisa J. Sotto, Ryan P. Logan and Melinda McLellan with Hunton & Williams LLC, New York. Sotto and her colleagues look at what these changes will mean for RIM businesses in “Preventive Measures,” on p. 20. They provide an overview of these changes and the steps RIM companies need to take in response. NAID also has planned to cover the topic at its 2013 annual conference, which will conclude shortly before you receive this issue. The association has planned two sessions dedicated to the topic of HITECH (Health Information Technology for Economic and Clinical Health), the act that introduced the changes to the HIPAA Privacy and Security Rules—The HITECH Opportunity: You Ain’t Seen Nothin’ Yet and the HITECH Sales Training Course. PRISM also has covered the topic in a webinar that was free to its members. The March 5 webinar featured speakers Brude A. Radke and Christopher T. Collins with the law firm Vedder Price. The webinar sought to address the changes in the definition of “business associate” and the new definition of “subcontractor,” identify the new obligations and direct liability for business associates and their subcontractors, discuss potential changes to business associate agreements, explore the revised definition of “breach” and the effect on breach notification and identify actions that PRISM members must take as a result of the final rules. The association’s annual conference, scheduled for May 14-16, also will include a session on the changes to HIPAA. Kelly McLendon of CompliancePro Solutions presents the session, HIPAA and the Final Omnibus Rule – What you Need to Know, May 15 from 3:30 to 4:30 p.m. PRISM describes the session as a “must-see” for records centers handling HIPAA-protected health records. I hope you, as a RIM services provider, are taking advantage of these educational resources related to the changes to HIPAA in an effort to fully understand how the omnibus rule will affect your business. To be able to play by the rules, you need to thoroughly understand them. |
