HIPAA overhaul goes live today; HHS likely to ramp up enforcement

Tools

The HIPAA omnibus rule officially goes into effect today--so what does that mean for providers and newly responsible business associates? 

Plenty.

Marcy Wilder, director of the global privacy and information management practice for Washington, D.C.-based law firm Hogan Lovells, told FierceHealthIT for a special report on the rule that HHS will be much more aggressive with enforcement of violations.

"[Congress] said that they expect HHS, when there is willful neglect involved in a violation, will not focus on informal resolution needs, but rather will take formal action," she said.

According to Philip Gordon, chair of the Littler Mendelson law firm's privacy and data protection practice group, more changes are around the corner.

"In terms of HIPAA fundamentals, a lot is going to be the same," Gordon told HealthITSecurity.com. "The HIPAA Security Rule was changed very little for [covered entities]."

But Gordon pointed out that the U.S. Department of Health & Human Services has greater discretion to determine compliance penalties--and said that will have an impact on covered entities. The newly tiered penalty structure increases fines to as much as $50,000 for "willful neglect" of information without correction, and $1.5 million for multiple violations of identical provisions.

A trio of attorneys from law firm McGuireWoods recently outlined several steps providers and other covered entities can take to ensure compliance with the rule, according to Becker's Hospital Review. Their suggestions for preparing for the Sept. 23 deadline included appointing privacy and security officers; conducting frequent risk assessments to identify problem areas; and adopting policies regarding the storage of health data on mobile devices.

Most hospital executives responding to the Healthcare Information and Management Systems Society's recently published annual leadership survey indicated that their top concern regarding the security of computerized medical information was mobile device security.

To learn more:
- read the HealthITSecurity.com post
- here's the Becker's piece

Related Articles:
HHS unveils final HIPAA omnibus rule
Hospital leaders: New HIPAA rule will be a challenge
Handling HIPAA: 4 new provisions providers must know
HIPAA rule may be final, but debate carriers on
Lack of staff still a concern for health IT professionals

Filed Under