These rules mandate that access to and use of PHI must be restricted to a "minimum necessary" standard, with access restrictions documented and verified using activity monitoring technology. Formal enforcement began September 23, 2013.
Information from over 70 law firms was used to compile The 2013 HIPAA Law Firm Risk Survey, which focused on risk management policies, practices and priorities, collected information from over 70 law firms. Issues including compliance tracking and verification were examined.
"Firms are actively pursuing compliance with new HIPAA regulations, ...including undertaking internal assessments...and adopting security and monitoring controls." - 2013 HIPAA Law Firm Risk StudyThe survey found law firms are pursuing compliance with the HIPAA Omnibus Rule. In addition to reviewing policies and procedures firms are establishing activity monitoring reporting. For such monitoring reporting, to ensure "minimum necessary" PHI access, organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Law Firm HIPAA Survey Highlights Industry Commitment to Compliance with New Privacy and Security Rules Now in Effect - www.HispanicBusiness.com, 09/23/2013