Everyone old enough to remember will recall Y2K – the year our world was supposed to end in a catastrophic transition from December 31, 1999 to January 1, 2000. Instead, since we are still here, we all recall what happened: nothing.
September 23, 2013 was the day when the new HIPAA regulations for covered entities came into effect. Despite all the whining and predictions of disaster, we all continue to exist and the world did not end. What happened? A lot has happened.
The regulations gave all covered entities 180 days to comply with the new HIPAA requirements, which impose new and significant obligations on covered entities to revise their HIPAA policies. Covered entities should have updated their HIPAA compliance policies and procedures, their notices of privacy practices and their business associate agreements for protecting sensitive health information from disclosure.
The key areas to change included: