The new rule will bring more hefty fines, more audits and added enforcement pertaining patients’ protected health information according to Leon Rodriguez, Director of the Office for Civil Rights (OCR). While the official and permanent audit program is not fully established, breach investigations are being conducted.
"Fines imposed on organizations that grossly violate HIPAA privacy and security rules are now on the upward trend." - Leon Rodriguez, Director, Office for Civil Rights, U.S. Department of Health & Human ServicesMr. Rodriguez stressed the need for covered entities (CE) as well as business associates (BA) "to perform a comprehensive, thorough risk analysis and then to apply the results of that analysis."
A comprehensive risk analysis includes ensuring healthcare workers only have access to the information needed to perform their job, as well ensuring that workers are not inappropriately accessing patient information. This can now be accomplished proactively with low-cost, on-demand SaaS analytics services, rather than requiring purchasing hardware and software and burdening IT and other staff.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) Ready or Not: HIPAA Gets Tougher Today - www.HealthcareITnews.com, 09/23/13