The new HIPAA Omnibus rules go into full effect Monday 23 September 2013. There are new regulatory requirements for IT vendors working with life science & healthcare “covered entities”, such as, new required delineated business associate agreements (BAA) contracts related to detailed risk-based assessments and detailed alignments, named HIPAA Security Officers, documented HIPAA compliance and IT training, human genetic information now included in protected health information (PHI) and the list goes on and on…
An in-depth legal review article takes a deep dive into some of the most significant changes that will impact IT vendors and covered entities.
“Final HIPAA Omnibus Rule Brings Sweeping Changes to Health Care Privacy Law: HIPAA Privacy and Security Obligations Extended to Business Associates and Subcontractors”
Harmonized regulatory risk-based framework for health information technologies
On July 2, 2013 the US Department of Health and Human Services (HHS) has issued the final “Health Information Technology Patient Safety Action and Surveillance Plan” or the “Health IT Safety Plan” http://www.healthit.gov/policy-researchers-implementers/health-it-and-patient-safety
The Health IT Safety Plan has two fundamental objectives:
1. To promote the health care industry’s use of health IT to make care safer; and
2. To continuously improve the safety of health IT.
The HHS Office of the National Coordinator (ONC) for health information technology (HIT) will coordinate with AHRQ, CMS, FDA, FCC and the Office for Civil Rights (OCR) centralizing on FDA’s risk-based regulatory framework for health IT, that protects patient safety, promotes innovation and avoids regulatory duplication.
FDA’s Risk-Based Regulatory Framework
The underpinning of FDA’s risk-based regulatory framework for health IT is Good Informatics Practices (GIP) guidelines. Today the Introduction and Intended Use and seven chapters or modules have been extensively peer review and published by HIMSS.org.
① Executive Summary
② Infrastructure & Cloud
③ Risk Management
④ Data Management
⑥ Training & Training Practices
⑦ Validation & Verification
Our friends at Abnology (www.abnology.com) played a significant roll in leading the authorship of GIP’s and utilize GIP’s as their architectural reference in their product the Trusted Health Cloud® enterprise system, released in 2010 and today available in data centers nationally.
We recommend you become familiar with GIP’s. The GIP’s are a great resource to utilize in the HHS required HIPAA compliance and IT training.
We have made available GIP Executive Summary Introduction and Intended Use publications from HIMSS:
For more information on how this may impact your company, please contact Tridea Partners at firstname.lastname@example.org. Tridea Partners is a leading Gold Certified Microsoft Dynamics AX, Dynamics GP, and Dynamics CRM partner serving Southern California and Salt Lake City regions.
This post was written by Howard Asher, Chairman at Abnology, Trusted Health Cloud.