7 Steps to Get HIPAA-Compliant Now

A major update to the Health Insurance Portability and Accountability Act went into effect this week, giving health care providers, insurance plans, self-insured employers, and a wide range of contractors and vendors just six months to implement the changes. The HIPAA omnibus final rule, which enacts changes outlined in the 2009 Health Information Technology for Economic and Clinical Health Act went into effect Tuesday. But federal regulators have given covered entities and business associates six months, until the end of September, to comply before they start enforcing the new rules.

"Many companies are not in the health care space generally and aren't at all prepared for what HIPAA requires. They do something that's only tangentially related to health – they administer email systems, or something like that," said co-chair of the Cybersecurity and Privacy Team Shannon Hartsfield. "Telling them they need to comply with HIPAA is sometimes a difficult message to deliver," said Ms. Hartsfield.