The Health Information Portability and Accountability Act is almost 20 years old at this point, which might lead some to believe that the medical sector has a tight handle on the requirements therein. However, the statutes were never that simple, and the rapidly evolving face of health care - most notably with respect to the new technologies in use - has only worked to compound the challenges over the past decade or so.
At the same time, the rising prevalence of data breaches and privacy protection failures has led to public demand for more stringent and widespread enforcement of HIPAA laws - and for good reason, as so many individuals have been impacted by these events in a relatively short period of time. Consequently, the various entities responsible for auditing firms' practices and enforcing the statutes that might apply are seemingly ready to answer this proverbial call to arms, and medical firms must be prepared.
HIPAA email requirements, as well as regulations under the act related to general storage, sharing and privacy of patient records, are written relatively clearly, and the solutions needed to comply with the law are readily available. Leaders in the sector simply need to realize that they are responsible for taking the initiative and getting the relevant strategies into motion as soon as possible, or run the risk of disruptive fines, litigation and even data breaches when out of compliance with the law.
Audits are coming
Workforce.com recently reported that the Office for Civil Rights, a part of the U.S. Department of Health and Human Services, is planning to increase the rate and intensity of its audits to ensure that all firms handling medical data are adhering to HIPAA. It is worth noting here that there have been several occasions in the past few years on which the OCR has stepped up its activity in this regard, and this is unlikely to be the last.
According to the news provider, Gordon Rapkin of a New Jersey-based human resources document management firm stated that preparation is key, and understanding responsibilities across departments will be crucial in the coming months.
"Employers need to know that they are obligated to protect this information, they must show that they are capable of protecting this information and prove that their employees have been trained to do so," Rapkin told Workforce.com. "You must be able to prove all that in a very short window of time if you're unfortunate enough to be selected for an audit." So, knowing that these audits are going to increase in frequency, it might help to understand where many firms get tripped up in compliance practices.
Common threats
Because of how popular phishing scams have become in health care - not to mention their consistent effectiveness in exposing sensitive patient information - firms will want to focus on this matter first. Health IT Security recently reported that administrative safeguards can be a start toward a strong, compliant defense against phishing and similar scams, but they are not the only measures that need to be put in place.
Rather, the source argued that training and awareness for all employees who handle patient information is one of the only ways to really reduce this particular threat, citing commentary directly from HHS. This tied back into the argument that people, process and technology must all be converged and managed properly for optimal defense against data breaches.
By training employees in best practices, aligning processes with compliance requirements and leveraging email encryption and other protective technologies, firms can better protect patient information and avoid the prospect of failing a HIPAA audit in the coming years.