Tuesday, November 12, 2013

Can Latest HIPAA Rule Cut Breaches?

Some predict that last month's updated HIPAA rule will lead to better protection of PHI (Protected Health Information).

The update expands the number of organizations directly responsible for compliance with HIPAA requirements, making them liable for failure to secure PHI. Instead of just health care providers, those responsible and liable now includes their Business Associates (BA) as well, such as vendors, contractors and consultants they hire, and even subcontractors of BAs, if they handle PHI.

Rachel Seeger, of Health and Human Services (HHS) Office of Civil Rights (OCR), said BAs and subcontractors are now "directly liable" for compliance with HIPAA privacy and security rules, including "Impermissible uses and disclosures (including more than the minimum necessary)."

"We need to 'build security in,' and make the secure way of doing business the way the business people will use by default. I'm not saying effective awareness training has no value but putting too much reliance on it is not a winning strategy."
- Martin Fisher, director of information security, Wellstar Health System
While some experts think security awareness training will lead to fewer breaches, others disagree. Danny Lieberman of Software Associates said "when there is a financial incentive to steal data and you have an insider or partner with access, then you have motivation and means and all you need is opportunity to have a crime."

Organizations that want proactive detection of insider privacy breaches are utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Can the new HIPAA rule cut PHI breaches? - www.CSOonline, 11/08/2013

No comments:

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.