Confidential HIPAA/HITECH – The Final Omnibus Rule Grant Elliott CEO, Ostendio, Inc.

HIPAA/HITECH – The Final Omnibus Rule

Page 1: HIPAA/HITECH – The Final Omnibus Rule

Confidential

HIPAA/HITECH – The Final Omnibus Rule

Grant Elliott, CEO, Ostendio, Inc.

Page 2: HIPAA/HITECH – The Final Omnibus Rule

What is the Final Omnibus Rule

• Part of the HITECH Act, the Final Omnibus rule adds a number of additional provisions to the Privacy and Security protections within HIPAA. These include:

– Business Associates become directly liable for compliance with certain Privacy and Security Rules' requirements

– Individuals' rights to receive electronic copies of their data are expanded

– Additional enhancements to the Enforcement rule around willful neglect

– Adopted changes to the tiered civil money penalty structure

– Introduced “harm threshold” for Breach Notification

• The final Omnibus Rule became effective March 23rd 2013, with Business Associates given 6 months to be compliant

Page 3: HIPAA/HITECH – The Final Omnibus Rule

So how do I know if HIPAA Applies?

• Are you a Covered Entity i.e. a health plan, health care clearinghouse or a health care provider?

• Are you a Business Associate i.e. you are operating on behalf of a Covered Entity or a Business Associate?

– This is determined by who the user is ‘contracting’ with

• Are you exchanging sensitive and identifiable health data with the Covered Entity i.e. PHI?

http://ostendio.com/why-the-final-omnibus-rule-is-good-news-for-many-mobile-health-application-developers/

Page 4: HIPAA/HITECH – The Final Omnibus Rule

5 simple steps to secure your business

• Whether HIPAA applies or not you should always take steps to secure Sensitive data. Start by:

– Assigning responsibility

– Publishing policies even if they are just 1 paragraph

– Set up a single place to store policy documents 

– Training & Education

– Enforce compliance – follow up!!!

http://ostendio.com/5-simple-steps-to-secure-your-business/

Page 5: HIPAA/HITECH – The Final Omnibus Rule

Contact Details

Grant Elliott | CEO | Ostendio, Inc.

Tel: +1 703 646 0304

E-mail: [email protected]

Website: www.ostendio.com

Facebook: www.facebook.com/ostendio

Twitter: @ostendio