SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

HIPAA Omnibus Rule: What You As a Business Associate Need to Know

Healthcare Assessments

The HIPAA Omnibus Rule which took effect on September 23, 2013, has led to the evolution of the HIPAA Compliance environment. Now more than ever it is important to understand what the security and privacy obligations are of a business associate (BA) or a subcontractor of a BA. BA’s are now mandated to comply with the HIPAA Privacy and Security rule requirements. Below are some high level requirements that BA’s need to be aware of when assessing their compliance environment:

  • HIPAA Privacy, Security and Enforcement regulations have been modified:
  • BA’s and subcontractors of BA’s are now directly liable for compliance
  • Limitations on the use and disclosure of protected health information (PHI) have been strengthened
  • Individual’s rights to both receive electronic copies and restrict disclosure of their health information have been expanded
  • HITECH Act has been implemented to enhance the Enforcement Rule, specifically regarding privacy breaches and penalties
  • Creates an increased and tiered civil penalty structure for security breaches under the HITECH Act
  • The definition of what constitutes a reportable security breach and what factors should be considered when determining whether a reportable breach has occurred have been modified and clarified

HIPAA compliance requirements can be complex and difficult to understand at first. For additional details, including an introduction and overview on how HIPAA and HITECH standards impact your organization and any other HIPAA compliance and risk mitigation inquiries -contact: HIPAA@schellman.com

About DANNY MANIMBO

Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for leading Schellman's AI and ISO practices as well as the development and oversight of Schellman's attestation services. Danny has been with Schellman for 10 years and has over 13 years of experience in providing data security audit and compliance services.