The HIPAA Omnibus Final Rule compliance date is September 23, 2013 and is the deadline for review of revised HIPAA administrative policies and Personnel Rule 3-10. The federal government recently changed rules related to HIPAA and required all covered entities to update policies to reflect the changes to the law. Staff from Aging & Disability Services, Developmental Disabilities Services, Mental Health and Addiction Services, Business Services, Human Resources and the Director’s Office must review the policies as required by the new federal HIPAA rules.

The rule change increases legal and financial penalties for noncompliance and client information breaches. In some cases, the law requires the county to consider employee discipline for incidents. 

“Policy review brings awareness of the County's expectations for the use and disclosure of client protected health information (PHI),” said Multnomah County Privacy Officer Cindy Hahn.  “The rule change emphasizes the need for employees to immediately report any known or suspected privacy incident, complaint or breach to their department privacy official or the County Privacy Officer. "

You can access the revised policies through Commons in your e-policy page. You will need to log into Commons and the E-policies link will be at the top of the page. The DCHS updated policies are grouped in three sections called DCHS HIPAA Policies/Procedures Part 1, 2 and 3. Each part contains multiple policies for your review. Make sure you click on the “Yes” button at the end of each of the three sections to ensure your acknowledgement of reviewing the policies is documented. For more information visit Multnomah County’s HIPAA Privacy site on Commons .