09-09-13 | Blog Post
HIMSS.org announced that OCR Director Leon Rodriguez will deliver an opening keynote address on September 23, 2013, the same day the new HIPAA omnibus regulations go into effect. Rodriguez is presenting at the Privacy & Security Forum hosted by HIMSS; Online Tech will also be in attendance, exhibiting HIPAA compliant hosting solutions, including an encrypted HIPAA cloud, at the forum from September 23-24 at booth #106.
Rodriguez will provide guidance to healthcare organizations on how to comply effectively with the new HIPAA rules. He’ll also address how to ensure patients have access to their health information and how to encourage engagement in healthcare. Other issues the new rules address include regulations around sharing health data with third parties and protecting patients’ health information from unwanted marketing and sales.
The OCR Director will also shed light on the OCR’s enforcement and audit programs, including the areas on which organizations should focus in order to keep electronic protected health information (ePHI) secure. The initial audit pilot program ran from November 2011 to December 2012 and placed 115 organizations nationwide under HIPAA audits conducted by KPMG. Only covered entities were included in the initial audits, which gave the federal government insight into the current state of the country’s health data security. Read more in The HIPAA Police Are On Their Way!
The audit program found that healthcare organizations that had implemented all of the safeguards marked as addressable, such as encryption, were in compliance with the HIPAA standards.
A few best practices and guidelines for healthcare data encryption are covered in Encrypting Data to Meet HIPAA Compliance.
The OCR also found that 80 percent of the covered entities audited had not completed a risk assessment. The new HIPAA audit program will commence in fiscal year 2014 (starting in October) and will include business associates as well. Read more in Get Ready for HIPAA Audits with Encryption & A Risk Analysis.
This is a wake-up call to cloud service providers that serve the healthcare industry, including healthcare software as a service (SaaS) companies. Subcontractors (those that serve business associates) are also within the scope of the HIPAA omnibus rule if they create, transmit or maintain healthcare data.
Read our HIPAA Compliant Hosting white paper, which explores the impact of HITECH and HIPAA on data centers. It includes a description of a HIPAA compliant data center IT architecture, contractual requirements, benefits and risks of data center outsourcing, and vendor selection criteria.
Read more about the new rule and how to achieve compliance in:
HIPAA Encryption in the Cloud: Don’t Sacrifice Performance for Security
Earlier this year, OCR (Office for Civil Rights) Director Leon Rodriguez was quoted on the topic of HIPAA encryption: “…regardless of size, covered entities must take action and will be held accountable for safeguarding their patients’ health information. Encryption is an …
Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure PHI
Join Brian Balow of Dickinson Wright and April Sage of Online Tech as they discuss the HIPAA Breach Notification Rule and the implementation of HHS encryption standards to protect PHI. Title: Removing the ‘Cryptic’ from ‘Encryption’ – HIPAA and the Meaning of Secure …
HIPAA Hosting Provider BAAs Need to Reflect HHS Final HIPAA Privacy & Security Rules
Does your HIPAA hosting provider have a legal BAA (business associate agreement)? I just got off the phone with our attorneys who are updating our business associate agreement to reflect the changes required in the HHS final HIPAA Privacy and …