EXECUTIVE SUMMARY
Since the Health Insurance Portability and Accountability Act of 1996 (HIPAA) went into effect, the landscape of healthcare has changed for all entities.
Since 1996, there have been significant advances in technology – sophisticated wireless networks, smartphones and tablets. HIPAA Privacy Rules had to be updated along with these advancements to address security and privacy concerns related to protected health information (PHI).
And on Jan. 17, 2013, the U.S. Department of Health and Human Services (HHS) addressed these concerns by announcing a new Final Omnibus Rule “to strengthen the privacy and security protections for health information established under HIPAA.”1 Specifically, the Final Rule “provides the public with increased protection and control of personal health information.”1 The Final Rule applies to business associates, including subcontractors, or those entities or individuals that maintain PHI on behalf of a covered entity.2 For organizations and business associates not in compliance (no matter the size), there is a maximum fine of $1.5 million. The new privacy and security rules increased damages for civil penalties, and the criminal penalties remain the same; however, the HHS Office for Civil Rights (OCR) is now taking a more proactive and strict approach to HIPAA violations and prosecutions.
From private practices to healthcare systems, organizations must take appropriate steps to make sure they are HIPAA compliant and follow the guidelines of the Final Rule.
HIPAA PRIVACY RULE AND THE FINAL RULE
When instituted, HIPAA’s Privacy Rule was a set of standards to “address the use and disclosure of individual’s health information – called ‘protected health information’ by organizations subject to the Privacy Rule.”2 One of the main objectives of the Privacy Rule was to protect PHI while promoting effective workflows within an organization.
Download Full Whitepaper: The Changing Landscape of Healthcare: A White Paper