I have updated and posted on the Premium Member section of the Veterans Press website the HIPAA Management White Paper that I had earlier updated to discuss the HITECH Act. Now, it also discusses the Omnibus Rule changes, especially in the area of increasing the severity of enforcement actions. You may want to use this updated white paper to help management in the decisionmaking process regarding funding for HIPAA compliance measures.
Remember that the key Omnibus Rule change is that a covered entity or an “upstream” business associate may be liable for a breach by a “downstream” business associate if the business associate or subcontractor business associate qualifies as an agent under the federal common law of agency. Thus, make sure that your business associate agreements do not contain provisions to control the day-to-day operations of the business associate. See my February 18, 2013, blog post “You’d Better Not Control Your Business Associate’s Performance” for more information. Also note that I had earlier posted for you on the Premium Member section of the Veterans Press website a sample Omnibus Updated Business Associate Agreement.
If you bought the HIPAA Compliance Library that includes my 5th edition of the Compliance Guide to HIPAA and the DHHS Regulations, you received with it a one-year free subscription to the Premium Member section. If you need help setting up your account to access the Premium Member section, please call our marketing director, Patrick R. Head II, toll-free at 855-341-8783 or email him at patrick@veteranspress.com.