The Health Insurance Portability and Accountability Act (HIPAA) experienced severe changes with the Omnibus Rule. At the very least all covered entities must have updated:
1. Notice of Privacy Practices (NPP). Your NPP must be updated to incorporate changes in the same. Due to the type of changes effected the requirement requirements that old and new patients be given a copy of the same.
2. Updated contracts with your Business Associates. Again, if you have not updated you contracts since January 2013 then chances are extremely high that they will be outdated.
3. Policies and procedures. Remember that these policies are no longer documents to put on a shelf but living documents with documented actions to prove you are actually implementing the same. Also, buying or copying templates that you are not going to follow is a bad idea as the same may require actions from you that you are not aware of.
4. Maintain evidence in a central point accessible at a moment’s notice. In other words, keep proof of your actions in a central place or Document Management System where the same can be accessible at a moments notice.
Note: Keep in mind that Privacy and Security required different actions form the Covered Entities and Business Associates.