HealthBlawg

David Harlow's Health Care Law Blog

    • Twitter
    • Facebook
    • LinkedIn
    • RSS
    • Email
  • About
  • Archives
  • Podcast
  • Press
  • Awards/Reviews
  • HIPAA
  • HCSM

Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?

November 17, 2009

HIMMS Analytics surveyed about 250 hospital and business associate representatives, and came up with some figures to back up what we all knew in our hearts:  Most hospitals are gearing up for compliance with the HITECH Act / Son of HIPAA data security and breach notification requirements, but many experience data breaches — about half of hospitals surveyed in the past year — and business associates lag behind hospital in awareness and preparedness for compliance with new business associate requirements.

Check out the full report on the HITECH Act's impact on privacy and security, and check out recent HealthBlawg posts on HITECH Act and Son of HIPAA issues here: HITECH Act security breach rules now effective; Comments on HITECH Act breach notification rule from Capitol Hill; and Son of HIPAA Breach Notification Rules. 

Anyone who needs to be convinced that attention must be paid to this issue need only check out the cautionary tale of the Virginia prescription record security breach or any of the many breaches detailed here or here.

The survey provides a handful of key take-away points:

  • Risk assessments are common practice but alone do not mitigate breach risks.
  • Large hospitals experience the most data breaches and are at the greatest risk for future incidents.
  • Business associates are generally unprepared to meet the new data breach related obligations brought on by the HITECH Act.
  • Health care organizations are prepared to sanction business associates that don’t comply with the regulations outlined in the HITECH Act.
  • Inter-departmental disconnects between IT and Compliance on data breach policies and procedures leave hospitals at risk.

Bottom line: most health care provider organizations and most business associates (vendor organizations) have a great deal of work to do, not only in terms of conducting a through review of policies and procedures so as to come up with a gap analysis, but also in terms of implementing policies and procedures to fill the gaps identified, and to conduct appropriate trainings at all levels of the organization, including clear delineation of lines of communication regarding data security matters.

The Harlow Group network stands ready to assist provider and vendor organizations in preparing themselves for full compliance with the new HIPAA requirements promulgated in the HITECH Act and its regulations.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Health care policy, Health Law, HIPAA, HIT, Hospitals, Physicians, Privacy

you might also like:

  1. Son of HIPAA Breach Notification Rules

  2. HITECH Act security breach rules now effective; federales give a six-month pass. Now's the time to kick compliance efforts into high gear

  3. HIPAA enforcement: Business Associate Agreement rulemaking needed first – time to plan ahead

« Social Media Session at Oklahoma Hospital Association Annual Meeting
An ounce of prevention »

Comments

  1. Adam Bullock says

    November 17, 2009 at 11:44 am

    Really appreciate the resources you’ve provided in this post, thank you!

Follow me on Twitter

Tweets by healthblawg

HIPAAtools

Hipaatools

The HIPAA Compliance Toolkit

The Walking Gallery

The Walking Gallery

Quick Links

  • Home
  • Categories
  • Archives
  • Podcast Interviews
  • HIPAAtools
  • HIPAA Compliance
  • Health Care Social Media
  • Speaking
  • In the Press
  • Blogroll

David Harlow

David Harlow

HealthcareNOW Radio

Connect with David

  • Twitter
  • Facebook
  • LinkedIn
  • RSS
  • Email
  • Subscribe
  • Contact
  • Book Me: Speaking
  • About
  • The Harlow Group LLC
Copyright © 2006–2022
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.
[footer_backtotop text="Back to top" href="#"]