Thursday, September 26, 2013

Survey: Law Firms Committed to HIPAA Privacy

In January 2013, the U.S. Department of Health and Human Services (HHS) announced that law firms that act as Business Associates, or interact with protected health information (PHI), are directly liable for compliance with the HIPAA Security Rule and Privacy Rule.

These rules mandate that access to and use of PHI must be restricted to a "minimum necessary" standard, with access restrictions documented and verified using activity monitoring technology. Formal enforcement began September 23, 2013.

Information from over 70 law firms was used to compile The 2013 HIPAA Law Firm Risk Survey, which focused on risk management policies, practices and priorities, collected information from over 70 law firms. Issues including compliance tracking and verification were examined.

"Firms are actively pursuing compliance with new HIPAA regulations, ...including undertaking internal assessments...and adopting security and monitoring controls." - 2013 HIPAA Law Firm Risk Study
The survey found law firms are pursuing compliance with the HIPAA Omnibus Rule. In addition to reviewing policies and procedures firms are establishing activity monitoring reporting. For such monitoring reporting, to ensure "minimum necessary" PHI access, organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
(a) Law Firm HIPAA Survey Highlights Industry Commitment to Compliance with New Privacy and Security Rules Now in Effect -, 09/23/2013

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at