1/27/2010
Norbert F. Kugele,
Nathan W. Steed
With the HITECH compliance deadline of February 17, 2010 rapidly approaching, have you taken the necessary steps to implement the changes to HIPAA?
Here is a quick checklist of what you should be doing to comply:
Send updated agreements to your business associates. This should be your No. 1 priority because you want to make sure that you can execute the agreements before February 17, 2010.
Adopt a HIPAA breach notification policy. The Department of Health & Human Services released an interim rule in August and will begin enforcing the rule beginning on February 22, 2010.
Amend HIPAA policies and procedures to address the following issues:
Updated minimum necessary rule
Additional prohibitions on the use of PHI for marketing
New individual right to request restrictions on disclosures to health plans
Evaluate your Notice of Privacy Practices to see if updates are necessary to reflect the changes above.
Train staff on new procedures.
We are still expecting updated regulations addressing these and other HITECH issues. However, recent comments from the Department of Health & Human Services indicate that the regulations are not yet final, leaving open the possibility that they will not even be released before the HITECH amendments take effect. Thus, if you’ve been waiting for the new regulations before trying to implement the HITECH amendments, we suggest that you stop waiting and take action now.
If you need help with HIPAA, please contact Norbert F. Kugele (nkugele@wnj.com or 616.752.2186) or Nathan W. Steed (nsteed@wnj.com or 616.752.2723), or any other member of Warner's Employee Benefits or Health Law practice groups.
