Skip to main content

Rx for HIPAA Compliance

Weighing in at half the length of Tolstoy's legendary tome War and Peace, it is no surprise that the thought of the impending deadline for compliance with the 538-page  HIPAA Omnibus Rule  has left many small clinical practices feeling overwhelmed.   HHS Office of Civil Rights (OCR) and the Workgroup for Electronic Data Interchange (WEDI) are co-sponsoring four upcoming webinars to help smaller health care providers better understand HIPAA compliance and enforcement topics.  The webinars will specifically focus on practical strategies for implementing the Omnibus Rule’s new requirements within a small clinical practice.

Each of the 90-minute sessions (1-2:30 p.m. EST) is free to all registrants, and will educate participants on the following topics:

  • Friday,  June 14th – HITECH Omnibus Overview of the Rule
  • Friday, June 28th - Drill down on the new HITECH Privacy Rule
  • Wednesday, July 17th – Breach and Enforcement under the HITECH Omnibus Rule
  • Friday, July 26th – Business Associates and the HITECH Omnibus Rule

WEDI was formed in 1991 by the then-HHS Secretary, Dr. Louis Sullivan, and the organization has been an official advisor to HHS since being named to that role in the 1996 HIPAA legislation.  According to the website, ”WEDI is a coalition comprised of a cross-section of the healthcare industry: doctors, hospitals, health plans, laboratories, pharmacies, clearinghouses, dentists, vendors, government regulators and other industry stakeholders.”

Smaller providers are particularly vulnerable to HIPAA enforcement – private practices and outpatient facilities are the first and third most common provider types required to adopt corrective action in response to an OCR investigation.  And in the past year, OCR entered into its first settlement agreement regarding a breach of less than 500 individuals. Previously, to get answers tailored to their needs, these providers could consult that “Small Providers and Small Business” Frequently Asked Questions and a dedicated summary page on OCR’s website.  OCR’s and WEDI’s joint effort to target these providers is a golden opportunity for these covered entities and their business associates to educate themselves on their new increased obligations under the law and regulations.

Subscribe To Viewpoints


Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.