Written by Bill Leonard, Vice President, Professional Services - iatricSystems
I may be dating myself a bit with the above remake of The Who's ‘Magic Bus’ song, but it seemed to work. Please don’t ask me to sing it. There are a lot of questions and much confusion surrounding the HIPAA Omnibus Final Rule.
The HIPAA Omnibus Rule defines the relationship between Covered Entities and their Business Associates, and outlines the responsibilities and risks associated with exchanging PHI with your Business Associates. With this new rule, we are going to see more instances of breaches where the Business Associate is at fault. Healthcare IT News wrote an article earlier this year in which the Business Associate was to blame for a breach (http://www.healthcareitnews.com/news/hipaa-breach-puts-blame-business-associate). And, if you're liable for a breach, it’s not going to cost you a thruppence and sixpence each day (again with the Magic Bus reference!). The Omnibus Rule expands liability and can impose civil monetary penalties up to $1.5 million for all violations in a calendar year. Not having a tool to assist with understanding your risk should be classified as willful neglect.
At Iatric Systems we have simplified the process of managing your agreements and the risk associated with them through our latest solution: Privacy Risk Manager™. Privacy Risk Manager allows hospitals to create a workflow and effective process for vendor relationship management. Hospitals are able to see the status of all their agreements and related risk through the use of dashboards, alerts, and notifications. Privacy Risk Manager allows your organization to put the contract review in the hands of your Privacy officers. Most importantly, as shared in this article:
Privacy Risk Manager will promote a culture of compliance with your vendors and allow you to build that trust-based relationship with your patients.