Turn Your HIPAA Security Rule Compliance Around

HIPAA Security Rule Can No Longer Be Ignored

By Mike Semel, Semel Consulting

Health care organizations that have ignored the HIPAA Security Rule, businesses that resist compliance programs, and companies that store data but argue that they cannot access it all need to get past their HIPAA Denial. The sleeping enforcement giant has woken up, and it has little patience for non-compliant medical practices or Business Associates. There are also immovable deadlines that won’t change.

The HIPAA Omnibus Final Rule publication has sent shockwaves through health care organizations, some of which have done less than a stellar job complying with the HIPAA Security Rule for the past 8 years. If you are one of these organizations, the good thing about your HIPAA Denial was that the government was also doing a less than stellar job, in enforcement, until 2012.

Many of the businesses that support health care organizations are just realizing that the HITECH Act of 2009 requires that they implement HIPAA compliance programs for themselves and their subcontractors by September 23, 2013. Since 2009, Business Associates have caused over 20% of reportable breaches, affecting over 12 million patient records. Had they complied with the HIPAA Security Rule, most of these might have been avoided.

The Final Rule requires data centers, online backup providers, e-mail hosting services, and other