On September 23, 2013, the HIPAA Omnibus Rules became effective. You can read the detail of the process and get huge amounts of information from the HHS web site; you can read the entire Rule as published in the Federal Register. But if you are strapped for time and you want to be sure you and your organization have done everything you need to do to meet the requirements of the rule, you can take a look at an excellent summary published by the Godfrey Kahn Law Firm of Wisconsin that was published in March. There are many such summaries around and you definitely should take a look at one of them if you are the Privacy Officer for your organization. I know that many organizations have not done even the basics of updating their Notice of Privacy Practices or updating their Business Associate Agreement (BAA) . . . you do have those, right?
Keeping the protected health information (PHI) of your clients secure and private is a significant responsibility, especially the sensitive information of behavioral health clients. I hope you have taken these changes seriously.
Please share your comments below.