The HIPAA Omnibus Rule compliance date is on Monday. Are you ready?
I’m sure the answer for most organizations is NO!
In fact, the real question that I hear most organizations asking is what they need to do to be compliant with the new HIPAA omnibus regulations. One of my more popular video interviews was on the subject of HIPAA Omnibus with Rita Bowen from HealthPort. That might be one place to start.
OCR and ONC recently released some model HIPAA Notice of Privacy Practice forms to help with compliance. Why they are just releasing them a week before organizations are suppose to be compliant is a little puzzling to me. Hopefully your organization is well ahead of the game on this, but you could still compare your Notice of Privacy Practices with the model forms they released.
David Harlow from the Health Blawg wrote the following about the model forms:
I was disappointed, however, with one of the examples given in the model NPP:
*You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
*We will say “yes” to all reasonable requests.
Telephone and snail mail are nice, but many patients would prefer to be in contact with their health care providers via text message or email. Both modes of communication are permitted under HIPAA wth the patient’s consent (which may be expressed by simply emailing or texting a provider), but if the NPP doesn’t alert patients to that right, then many will never be aware of it.
As I heard voiced at a healthcare billing conference yesterday, “You have to be HIPAA omnibus compliant on Monday. I’m not saying you should spend your whole weekend making sure you’re in compliance. The HIPAA auditors won’t be knocking your door on Monday, but you better become compliant pretty quickly if you’re not already.”