HIPAA, or the Healthcare Information Portability and Accountability Act, hasn’t been updated since 2013, when its companion legislation, the Health Information Technology for Economic and Clinical Health (HITECH) was first released, but that’s set to change this year.
In January of 2021, the U.S. Department of Health and Human Services released several new proposed updates and guidelines and requested feedback from the healthcare community. When put into effect, the finalized regulations would have a significant impact on the policies, procedures, and security practices of both covered entities and business associates.
What do healthcare providers need to know to future-proof their HIPAA compliance program?
With the launch of the Right of Access Initiative in 2019, the Office of Civil Rights (OCR) has been rigorously enforcing the right of patients to access their medical records.
Among the proposed new HIPAA regulations is new verbiage that removes some of the obstacles that patients may encounter when trying to access their PHI. Here are a few of the proposed regulations that could impact your technology.
According to the HIPAA Journal, 51% of healthcare providers are not fully compliant with the HIPAA right to access. In particular, small or understaffed providers often feel justified deprioritizing right to access. But, OCR has been aggressively enforcing those rules, settling more than 16 right to access violations in just a few short years.
Here are just some of the notable penalties levied in the twelve months
What does this mean for your IT systems?
Learn more about what defines a HIPAA Violation.
Another proposed feature of the HIPAA update is to emphasize “recognized security practices” when conducting HIPAA audits or levying penalties. This refers directly to the National Institute for Standards and Practices (NIST) Cybersecurity Framework, an important set of compliance best practices that’s already used widely throughout government entities and private companies.
To ensure that your HIPAA controls remain consistent with the HIPAA updates, now is a good time to ensure your technology is aligned with the risk-based security approach outlined in NIST, as it provides specific workflows and standards lacking in HIPAA.
This NIST framework is organized around five core functions
The COVID-19 pandemic has propelled telehealth into the healthcare mainstream.
At the start of the pandemic, the Federal Government launched a historic expansion of telehealth access under Secretary Alex Azar, giving organizations operating in a good faith the chance to work with mainstream video apps like Zoom, Facebook Messenger, Google Hangouts and others without the standard business associates agreement (BAA).
Will the HIPAA update force providers back onto HIPAA-compliant platforms? While discretion is likely to continue into 2021, it’s also wise to review your telehealth systems and prepare for stricter regulation that will eventually come down from HHS.
Here are some strategies for improving telehealth security and ensure long-term HIPAA compliance:
An effective way to stay ahead of HIPAA’s latest changes is to partner with a HIPAA compliance consultant, like Complete Network. For 20 years, we’ve been helping healthcare organizations in Albany, New York, Charlotte, North Carolina, and Bluffton, South Carolina improve their cybersecurity protections and manage their HIPAA compliance exposure.
We know that the first step toward better IT support is to research your options. We’ve put this guide together to aid you in that process.
It’s designed to give you an overview of our organization, so that you have the key information you need to evaluate our service fit.
This guide covers:
Download it for free by filling out the form here.