HIPAA Omnibus: Strategies for Compliance (Podcast)

Sept. 23, 2013

The day in which healthcare entities must be in compliance with the new provisions of the Health Insurance Portability and Accountability Act (HIPAA), known as the Omnibus Rule, has arrived. In this podcast, Healthcare Informatics Associate Editor Gabriel Perna speaks with Joseph Kirkpatrick, managing partner at KirkpatrickPrice, an independent audit firm that works with healthcare providers and vendors, about these new rules and how healthcare entities must go about dealing with them.

Gabriel Perna

The six-month grace period is over and today is the day that healthcare entities must be in compliance with the new provisions of the Health Insurance Portability and Accountability Act (HIPAA), known as the Omnibus Rule. In this podcast, Healthcare Informatics Associate Editor Gabriel Perna speaks with Joseph Kirkpatrick, managing partner at KirkpatrickPrice, an independent audit firm that works with healthcare providers and vendors, about these new rules and how healthcare entities must go about dealing with them.

Joseph Kirkpatrick

Kirkpatrick talks about some of the elements of Omnibus which directly impact healthcare providers, such as changes to how they can use patient information for marketing purposes and the increased clarification on breach notification. However, the most prominent change coming from Omnibus, according to Kirkpatrick, is the relationship providers have with their business associates.

“In the past, healthcare organizations would outsource certain functions to third-parties and they would require them to sign business associate agreements. But now that there are more stringent requirements being placed on business associates, I think that healthcare providers should be looking at their contracts, looking at those agreements, and trying to determine should we more specific with what we are asking them to sign contractually that they will do, when protecting patient information,” Kirkpatrick said to Perna.

Kirkpatrick talks about the potential mess providers would have on their hands if they don’t comply with these new business associate rules. He said the term “willful neglect” could apply to them, and they could be levied large HIPAA fines as a result.

What’s important for healthcare organizations to do, Kirkpatrick said, is to make a list of their current business associates, ensure they have an updated agreement, and also, rank those associates in terms of risk.

Below is even more coverage from Healthcare Informatics on the HIPAA Omnibus Rule:

The Guidance Begins to Roll Out

As HIPAA Omnibus Compliance Ticks Closer – What Should Providers Know?

In HIPAA “Possession” is 10/10ths of The Law

Looking at the HIPAA Final Omnibus Rule: An Attorney's Perspective

……………….

To download this or other HCI Podcasts from iTunes, click here.

Continue Reading

HIMSS24: Attendance Appears Equal to That of HIMSS23

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...