Chris Apgar, CISSP, CEO & President, Apgar & Associates, LLC
The HITECH Act created new categories of business associates that included health information organizations (HIO), these days referred to as HIEs, and health insurance exchanges (HIX). OCR is preparing to make sure these business associates follow the HIPAA rules.
The omnibus rule compliance date is rapidly approaching. If you’re an HIE or an HIX, it’s time to make sure all of those policies are in place, the workforce is trained and all of those other tasks that pave the road to HIPAA compliance. This also includes, among other things, reaching out to all of your covered entity customers and negotiating that business associate agreement, testing security incident response plans and that business continuity plan. You will walk away with a solid understanding of the not-so-new privacy and security requirements and practical information you can use to ramp up your compliance efforts in preparation for the September 23, 2013 omnibus rule compliance deadline.