Editor’s note: These tips are excerpts from the April edition of the HCPro, Inc. newsletter, Briefings on HIPAA. For more information on subscriptions and purchasing this full article, go here .
Be aware of what is happening and attend to all aspects of ensuring privacy and security, says Margret Amatayakul, MBA, RHIA, CHPS, CPHIT, CPEHR, CPHIE, FHIMSS, president of Margret\A Consulting, LLC, in Schaumburg, IL. For example, organizations need to tighten access controls and audit logging as they transition toward EHR. Include provisions to encrypt any data that leaves an organization to prevent breaches, she says.
Review the status of BA contracts. "I'm advising a wait-and-see approach," says John R. Christiansen, Esq., whose practice at Christiansen IT Law in Seattle, which focuses on health IT. With respect to updating BA contracts, "I think it's very clear we will have an ability to have grandfathered contracts," he says.
Christiansen updates some versions of contracts in accordance with the proposed rule on modifications to the HIPAA privacy and security rules, but he doesn't recommend that organizations adopt them unless contracts are expiring and rolling over. With respect to rollovers, organizations must decide whether to use the updated contracts or wait for the final rule.