Recently the Department of Health and Human Services issued its final rulings regarding HIPAA compliance for covered entities and business associates. While the rules became effective on March 26, 2013, most organizations are required to be compliant by September 23, 2013. As your business associate, HR Concepts continues to invest significantly in order to maintain our full compliance with all relevant HIPAA security and privacy rules. The following items highlight some of the key facets of our compliance efforts and how those rules help to protect our clients and partners.
Written Information Security Program (WISP)
The HR Concepts WISP will include updated Administrative, Physical, & Technical safeguards outlining compliance with recent HIPAA guidance for both the privacy and security rules.
New Business Associate Agreements (BAA)
HR Concepts legal counsel is in the process of reviewing & updating our Business Associate Agreement (BAA) to comply with updated HIPAA rules. We will provide an updated BAA to each of our clients when it becomes available.
Subcontractor and Vendor Agreements
HR Concepts is requiring updated Business Associate Agreements for any third party where personal health information (PHI) & electronic personal health information (ePHI) is of concern. HR Concepts is in the process of reviewing our partnerships with subcontractors and vendors that access, transmit, receive or store PHI data.
Updated privacy notice on website to reflect HIPAA privacy rule
Organizational Risk Assessment & Risk Management for HIPAA compliance
In order to ensure full compliance with the final HIPAA rules, HR Concepts is engaging the assistance of a third party security firm to review our systems, documentation, and internal controls.