The September 23 compliance deadline for most of the provisions of the HIPAA omnibus rule has come and gone. But for covered entities (CE) and business associates (BA), now is not the time to take your foot off the gas pedal.
It's a brave new world out there for business associates (BA). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the OCR held off on any enforcement activities-that is, until recently.
Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.