Ready, Set, Go! HIPAA just got tougher. On Monday, the HITECH Act took effect which requires healthcare providers to meet even a higher standard for confidentiality of its healthcare information. The head of the Office of Civil Rights of HHS that regulates HITECH was recently interviewed and made it clear that:
“The new rule [HITECH] promises to bring hefty fines, more audits and added enforcement pertaining to the issue of patients’ protected health information….
Fines imposed on organizations that grossly violate HIPAA privacy and security rules are now on the upward trend…and that’s most likely going to continue.
It’s important because it very powerfully articulates what our expectations are for covered entities, what risk analysis steps, what training steps, what disciplinary steps, what safeguard steps we expect of them….
WellPoint, one of the nation’s largest health insurers, is one among 16 organizations thus far that has come to better understand what’s expected in regards to HIPAA privacy and security rules.
Just this July following an investigation, OCR ordered WellPoint to hand over $1.7 million after leaving the protected health information of 612,402 individuals accessible over the Internet. The data compromised included patient names, dates of birth, Social Security numbers, telephone numbers and health information.
According to the report, WellPoint established no safeguards verifying the person or entity seeking access to the electronic protected health information, and it failed to perform technical evaluation following an IT system software upgrade.”
HealthCare IT News, September 23, 2013
Is your office ready? The new rule is the most significant change to the HIPAA Privacy and Security Rules since they were first implemented. The revisions include changes to “breach” and “business associate” definitions. There are also changes to breach notification and risk analysis requirements. There are also further limits on marketing communication.
One of the most significant changes if that healthcare providers should expect more HIPAA audits to occur more frequently and fines will increase significantly.
Your office will need to review all current policies and procedures and make sure you are in compliance before a breach occurs.
Tell us how you prepared for the HITECH Act to avoid breaches? Share your ideas with us by clicking on the comment button below. We’d love to hear from you.
Get “News You Can Use” delivered directly to your email inbox. Click here to Subscribe