Monday, September 29, 2014

HIPAA is Here – Is Your Law Firm in Compliance?


With the government starting to make noise about upcoming audits, and the September 22 deadline for all organizations to update grandfathered business associate agreements that have not yet been brought into compliance with the new Omnibus Rule having passed, the McLane Law Firm (a New England based firm with 90 lawyers) writes: "HIPAA One Year Later: Is Your Law Firm Complying?"
  • "Since nearly a year has passed since the compliance date for most provisions of the Final Rule6, this article focuses on assisting lawyers and law firms looking to evaluate the sufficiency of their compliance efforts to date. This article also underscores the potential impact of the Final Rule on lawyers and law firms in light of recent enforcement activity by the Office of Civil Rights ("OCR") of the HHS, the federal agency charged with enforcement and administration of HIPAA."
  • "The Final Rule also requires updated provisions in BAAs and now requires business associates to have BAAs with its subcontractors. BAAs must provide that the business associate (or subcontractor, as applicable)."
  • "The Final Rule should have been a wake-up call for lawyers and law firms which have access to PHI to ask whether they are considered business associates of covered entities and, if so, to take the steps necessary to comply with their duties and obligations as business associates by September 23, 2013."
  • "Therefore, if a firm represents a covered entity or a business associate of one and accesses PHI to do its job, it must comply with the HIPAA Rules... It is significant that business associate status attaches under the HIPAA Rules regardless of whether the firm has signed a business associate agreement."
  • "Since the release of the Final Rule, OCR investigation and enforcement activities have served to highlight the unfortunate consequences that can arise from failure to comply with the Final Rule. Moreover, the extension of certain covered entity responsibilities to business associates now makes civil and criminal liability possible for lawyers and law firms."
  • "Attorneys who represent healthcare clients are keenly aware of HIPAA compliance issues and routinely work with these clients to ensure compliance. These lawyers, however, are not always mindful of the fact that the Final Rule makes the same standards allegedly violated by APDerm applicable to the lawyers and law firms which receive PHI from covered entities."
Previously, we hosted a webinar on HIPAA compliance for law firms. Interested readers can watch a recording of that and learn more about how Intapp is working with many law firms to address HIPAA compliance.

No comments:

Post a Comment