As we’ve discussed in previous articles,[1] and as you are no doubt aware by now, the Health Insurance Portability and Accountability Act (HIPAA) recently received a significant facelift.  In addition to extending direct liability to business associates and subcontractors, the updated HIPAA regulations (Updated Regulations), which were authorized by the Health Information Technology for Economic and Clinical Health Act (HITECH), contain many new provisions to address growing privacy concerns for the increasing amount of protected health information (PHI) stored on electronic media.  Covered entities and their business associates and subcontractors must comply with the Updated Regulations by September 23, 2013.  In order to help you prepare for the September 23, 2013 compliance deadline, this article (1) explains the difference between two important compliance deadlines contained in the Updated Regulations, (2) suggests a 5-step process to efficiently update and/or create compliant HIPAA policies and procedures, and (3) discusses a few observations we’ve made as we’ve helped our clients prepare for the September 23, 2013 compliance deadline. Continue reading…