Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule, appropriate safeguards are required to protect the privacy of Personal Health Information (PHI). The Rule sets conditions and limits on the uses and disclosures that may be made of such information without the patient's authorization. According to the Centers for Medicare and Medicaid Services (CMS), which is a HIPAA enforcement agency, the Affordable Care Act of 2010 (ACA) has hastened the trend toward electronic records.
Individuals and businesses must therefore pay close attention to developments in digital data and storage, and this applies especially to companies handling files that must comply with both cyber security and HIPAA rules. Files that need to be protected in compliance with the HIPAA Privacy Rule are known as Electronic Protected Health Information (EPHI). The steps to protect those files include:
- Conducting yearly data risk assessments
- Implementing safeguards
- Ensuring that all employees know and implement data safety practices
- Encrypting all devices
- Logging access to sent and received files
Research shows that many businesses that are required to comply with HIPAA rules are not using all of these methods. It should be noted that a failure to abide by HIPAA cyber security rules can land your company in legal trouble in the event of a data breach.
Need for HIPAA Privacy Rule
It is always good practice to play it safe when handling data and avoiding data breaches. You should not take risks with data security, no matter which sector you are in. Compliance with cyber security and HIPAA rules is required because:
- You will end up spending more if you try to save money by neglecting online safety.
- Without a proper privacy policy in place, all your employees are on their own.
- If a privacy policy is not created and implemented voluntarily, you will have to do it under duress when you get hacked.
- Your reputation will also suffer if the absence of security leads to a breach.
HIPAA Privacy Rule Update
The Department of Health and Human Services (HHS) changed the HIPAA Privacy Rule and issued a final rule under which certain covered entities are permitted to disclose specific elements of Protected Health Information (PHI) to the National Instant Criminal Background Check System (NICS). While protecting the privacy of all patients is important, some government organizations need certain information to make decisions that better protect the public; the needs that the final rule must address therefore change constantly.
HIPAA Privacy Rule Compliance
It is the perfect time to review your compliance with the HIPAA Privacy Rule. It is not too late to become compliant. For compliance, you must:
- Ensure that the Privacy Officer and Security Officer of your organization are up-to-date on the new rules.
- Conduct risk assessments to determine the likelihood of data breaches.
- Review and update HIPAA Privacy and Security policies.
- Retrain your workforce on updated policies.
- Establish internal audits to avoid any lapses in the privacy and security of PHI.
For more insights on the HIPAA Privacy Rule update and cyber security, attend the HIPAA Compliance Virtual Boot Camp 2017, presented by expert speaker Jim Sheldon-Dean. Jim is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982 that provides information privacy and security regulatory compliance services to a wide variety of health care entities. During the event you will learn about HIPAA Privacy and Security policies.