Summer is right around the corner, so you are probably thinking about cookouts, pool parties, and vacations. HIPAA is probably the furthest thing from your mind (if not, you probably wish it was). However, before you book those beach vacations, do not forget to mark September 23, 2013 on your calendars, as this is the general deadline for compliance with the new HIPAA Omnibus Rule.
HIPAA Omnibus Rule Alters Business Associate Requirements for Covered Entities, Business Associates, and Subcontractors
Most covered entities (e.g., health plans and health care providers) are aware that they are obligated under HIPAA to have business associate agreements (“BAAs”) in place with their business associates who use or disclose protected health information (“PHI”) in carrying out their obligations to the covered entity (e.g., third-party administrators, claim processors, etc.).
While audits of qualified retirement plans have become commonplace, audits of health and welfare plans have historically been much less common. Only a select group of “lucky” employers was subjected to health and welfare plan audits, and the scope of those audits was somewhat limited. Unfortunately, it appears that trend is ending. We are seeing a notable increase in the frequency of health and welfare plan audits, and the scope of these audits is becoming much broader.