Is your agency prepared for September 23, 2013?  Below are 5 critical steps from Page, Wolfberg & Wirth, the National EMS Industry Law Firm, to make sure that you are ready. 

1. Conduct an Updated Risk Analysis.  What’s a risk analysis? If you don’t know, or if you haven’t performed one recently, you need to know that the federal government cites not doing a risk analysis as one of the biggest compliance violations for healthcare providers. 

2. Update your Business Associate Agreements (BAAs).  It’s just a matter of time before all business associate agreements that don’t comply with the new HIPAA regulations have to be updated.  Know what your business associate agreements need to include and when they must be updated.

3. Update your Notice of Privacy Practices (NPPs).  The new regulations require changes to your current Notice of Privacy Practices.  You’ll have update your NPPs and also know how this updated notice should be provided to patients to account for all of the new HIPAA changes.

4. Update your HIPAA policies.  Patients have new rights.  Like the right to pay out-of-pocket and ask that you not submit a claim to their insurance.  Your policies need to reflect this and other new rights.  Outdated policies pose compliance risks but just having the policy isn’t always enough –proper action is key. 

5. Be prepared for the new wave of enforcement.  Government regulators are looking at where you’re vulnerable when it comes to HIPAA compliance.  State Attorneys General as well as federal agencies (the HHS Office for Civil Rights) possess HIPAA enforcement and investigation powers.  HIPAA penalties and enforcement have increased significantly in the wake of these new Federal laws and regulations.  An ounce of prevention is worth a pound of cure.