It’s a brave new world out there for business associates. The omnibus has finally been published and the industry is facing a September 2013 compliance deadline. Business associates needed to comply with the HIPAA security rule and the use and disclosure provisions of the privacy rule in February 2010 as a result of the HITECH Act. The Office for Civil Rights (OCR) held off on any enforcement activities. Now enforcement is set to begin September 23, 2013.
A big change is a re-definition of who are business associates that greatly expands the number of companies that need to step up compliance efforts to avoid potential civil penalties down the road. Subcontractors who have access to or who store PHI need to sign those business associate agreements by September and be in a position to demonstrate compliance.
If you represent a business associate or a soon-to-be business associate contractor, here are the top nine things you need to do to demonstrate compliance by September 23, 2013 and to avoid potential fines down the road.