Sept. 23, the compliance deadline for the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule, is getting closer and closer. In this Healthcare Informatics podcast, health IT privacy guru, Mac McMillan, co-founder and CEO of CynergisTek, Inc. and current chair of the HIMSS Privacy & Security Policy Task Force, goes into detail about what providers should know when it comes to complying with the regulatory measure.
McMillan, specifically, talks about how the relationship between business associate (BA) and provider has changed with the new rule, and why it’s a wakeup call for the industry. “You can’t just give them a BA agreement and you’re done. That won’t suffice anymore,” he says. A few weeks ago, McMillan wrote specifically about this element of the Omnibus Rule in his blog.
In addition, McMillan talks about how the section that limits how protected health information (PHI) can be used for marketing and fundraising purposes is a positive for providers. He also explains the more stringent breach notification and enforcement changes that come with the rule.
Lastly, McMillan emphasizes the importance of training. “The biggest thing, I would say, is educating your staff. Making sure your workforce knows and understands what these changes are and how it affects them in their workflow,” he says.