The Department of Health and Human Services (HHS) has issued the HIPAA Omnibus Final Rule in January 2013. The rule’s security and privacy implications lie in its strengthening of regulatory protections for patient information and increasing fines for HIPAA violations. HHS has taken a series of steps to strengthen patient privacy protections and to monitor and enforce these protections. The HIPAA Omnibus Final Rule strengthens regulatory protections for patient information, increases penalties for breaches, and emphasizes agreements with business associates.
Potential economic and reputational damage may arise if organizations lack appropriate HIPAA security and privacy controls. The HIPAA audit program was the first security and privacy audit program by a regulatory body in the health care industry. The program was intended to assess HIPAA compliance across covered entities, identify best practices, and identify vulnerabilities.
With the Omnibus Final Rule in place and potential HIPAA audits on the horizon, industry stakeholders – providers, health plans, retail health, bio-pharma, and medical device companies – should consider whether they have a need to promptly assess potential capability gaps, define their security and privacy vision and needs, and develop appropriate remediation programs. Two groups are required to comply with HIPAA Rules: covered entities and business associates.
A covered entity is a health plan, health care clearinghouse or health care provider who electronically transmit any health information. See table below for examples of covered entities.
A business associate is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
Examples of covered entities and business associates:
- Providers: Hospitals, medical groups, ambulatory facilities, long-term facilities
- Health Plans: Commercial insurance companies and employer self-insured plans that use an outside agent as its administrative services organization
- Health information technology solution providers: Hardware, software, application providers, data management, technical support, consulting services, et al
- Life Sciences: Pharmaceuticals, bio-technology, medical devices, non-allopathic nutraceuticals, functional foods
E Com Security Solutions is recognised as one of the market leaders in security, privacy, and internal control services. We have a dedicated practice of risk and control specialists with deep industry focus and experience. We have assisted over 4000 Organisations on cyber security and privacy assessments and our opinion stating that your operating controls meet HIPAA Security and Privacy standards is likely to reinforce customer confidence in your company.
We use tailored approach that works for you – reducing the effort needed to gather required information while also helping you and your staff gain a clearer understanding of the HIPAA Compliance requirements. We also have our proprietary processes, templates, and deliverables which allow us to accelerate every phase of the audit and reporting process while keeping you up-to-date in all phases of the engagement.