HIPAA Security: What you should know!

Over the years, there really hasn’t been an enforcement body, or at least never one with a visible presence. The HIPAA Privacy and Security final rule, also known as the HIPAA Omnibus Rule, has been put in place by the Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR), who are enforcing HIPAA security. The Omnibus Rule went into effect March 26, 2013, and compliance is required no later than September 23, 2013. Below is part of an article on HealthcareITNews.com in reference to the HIPAA Omnibus Rule.
“According to Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin, the biggest difference in the new rule is a change in breach notification. Under the old rule, providers were presumed innocent of harming patients when a breach occurred – until they proved otherwise. Under the new rule, providers are presumed guilty of harming patients when data is breached. They will have to prove their innocence. According to Rey, OCR has already prosecuted five covered entities, with the settlements ranging from $50,000 to $1.7 million. The smallest OCR enforcement action involved the breach of fewer than 500 records. “I think they are putting out the message that they are serious about enforcement. They are going after small and large cases,” Rey says… He said he had received emails from OCR indicating the agency is starting to hire enforcement officials. “There’s going to be a lot of enforcement going forward,” he says… “The main reason covered entities ran into big problems with OCR last year was they didn’t conduct risk assessments,” he says. “Providers should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule”.1