With less than two months to go before the HIPAA Omnibus Rule compliance deadline, many experts are taking the time to remind covered entities (CE) and business associates (BA) of what needs to be done by September 23.
According to an alert sent out by legal experts at Saul Ewing, LLP,  there are five things that all CEs need to accomplish before the deadline:
- Update your notice of privacy practices
- Update your BA agreements (BAA)
- Update breach response policies
- Review and update your HIPAA manual
- Educate your employees
Additionally, the law firm’s alert advises BAs and subcontractors to make sure the BAAs they send to CEs are in compliance with the Omnibus rule. It may be necessary for BAs to revise policies and procedures to reflect the fact that they may be implementing agreements with subcontractors that are BAs, according to the alert. The firm advises CEs, BAs, and subcontractors to use August and early September as a time to double check that all their efforts comply with the Omnibus rule.