The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule, effective March 26, 2013, greatly expands privacy and security standards, compliance actions, breach notification steps, and penalties. The new regulations allow for fines of more than $1 million for health record breaches. The potential for data breaches is significant and increasing. Stakeholders must act now to prevent compromising sensitive patient data, preserve brand value, and avoid substantial financial penalties for violations.
Outline of the HIPAA Privacy Rule:
The HIPAA Privacy Rule provides federal protections for private protected health information and gives patients an array of rights with respect to that information. The Privacy Rule permits the disclosure of protected health information needed for patient care and other important purposes.
- Define administrative responsibilities
- Formal Agreements between covered entities and business associates
- Need to implement privacy policies and procedures
- Workforce training on HIPAA Security requirements and best practices
- Implement controls on the use and disclosure of PHI
The Privacy Rule applies to all healthcare providers and provides patient rights to their own protected health information, access to records, and disclosure on how that information is used or shared.
Outline of the HIPAA Security Rule:
The HIPAA Security Rule requires covered entities, business associates, and their subcontractors to implement technical, physical, and administrative safeguards for protection of electronic protected health information (ePHI) that is created, received, transmitted, or maintained. The safeguards allow covered entities and business associates to ensure the confidentiality, integrity, and availability of ePHI. The HIPAA Security Rule:
- Establishes security standards for ePHI
- Protects health information held or transmitted in electronic form
- Requires administrative, physical, and technical safeguards to secure ePHI
- Supports the Privacy Rule requirement to reasonably safeguard PHI in all forms
HIPAA Breach Notification
The Breach Notification Rule requires covered entities, business associates, and their subcontractors to provide notification following a breach of unsecured PHI to affected individuals, the Secretary of Health and Human Services (HHS), and the media. The Breach Notification Rule consists of protocols a business must undertake in the event of data compromise. It includes elements such as:
- What constitutes a breach
- Necessary parties to be notified
- Notification timelines
- Notification methods
- Notification content
- Remediation plan
E Com Security Solutions is recognised as one of the market leaders in security, privacy, and internal control services. We have a dedicated practice of risk and control specialists with deep industry focus and experience. We have assisted over 4,000 organisations with cyber security and privacy assessments, and our opinion stating that your operating controls meet HIPAA Security and Privacy standards is likely to reinforce customer confidence in your company.
We use a tailored approach that works for you – reducing the effort needed to gather required information while also helping you and your staff gain a clearer understanding of the HIPAA compliance requirements. We also have proprietary processes, templates, and deliverables that allow us to accelerate every phase of the audit and reporting process while keeping you up to date in all phases of the engagement.