HealthBlawg

David Harlow's Health Care Law Blog


Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?

November 17, 2009

HIMSS Analytics surveyed about 250 hospital and business associate representatives, and came up with some figures to back up what we all knew in our hearts: Most hospitals are gearing up for compliance with the HITECH Act / Son of HIPAA data security and breach notification requirements, but many experience data breaches (about half of hospitals surveyed in the past year), and business associates lag behind hospitals in awareness of and preparedness for compliance with the new business associate requirements.

Check out the full report on the HITECH Act's impact on privacy and security, and check out recent HealthBlawg posts on HITECH Act and Son of HIPAA issues here: HITECH Act security breach rules now effective; Comments on HITECH Act breach notification rule from Capitol Hill; and Son of HIPAA Breach Notification Rules. 

Anyone who needs to be convinced that attention must be paid to this issue need only check out the cautionary tale of the Virginia prescription record security breach or any of the many breaches detailed here or here.

The survey provides a handful of key take-away points:

  • Risk assessments are common practice but alone do not mitigate breach risks.
  • Large hospitals experience the most data breaches and are at the greatest risk for future incidents.
  • Business associates are generally unprepared to meet the new data breach related obligations brought on by the HITECH Act.
  • Health care organizations are prepared to sanction business associates that don’t comply with the regulations outlined in the HITECH Act.
  • Inter-departmental disconnects between IT and Compliance on data breach policies and procedures leave hospitals at risk.

Bottom line: most health care provider organizations and most business associates (vendor organizations) have a great deal of work to do, not only in conducting a thorough review of policies and procedures so as to come up with a gap analysis, but also in implementing policies and procedures to fill the gaps identified and in conducting appropriate trainings at all levels of the organization, including clear delineation of lines of communication regarding data security matters.

The Harlow Group network stands ready to assist provider and vendor organizations in preparing themselves for full compliance with the new HIPAA requirements promulgated in the HITECH Act and its regulations.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Health care policy, Health Law, HIPAA, HIT, Hospitals, Physicians, Privacy


Comments

  1. Adam Bullock says

    November 17, 2009 at 11:44 am

    Really appreciate the resources you’ve provided in this post, thank you!

Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.