HealthBlawg

David Harlow's Health Care Law Blog


HIPAA Compliance: Privacy and Security, Breach Notification and Enforcement

It’s time to revisit your health care data privacy and security policies and procedures.

The Omnibus Final Rule under HIPAA/HITECH is here to stay — the compliance date was in September 2013 — and it requires that health care providers and payors and their business associates update their health data privacy and security policies and procedures.

Some of the key changes to the rules center on Business Associates. The rules have broadened the definition of Business Associate and have added compliance responsibilities as well.

Enforcement efforts at the federal and state levels are ramping up, and significant fines may be imposed on covered entities, business associates and subcontractors that are out of compliance. Complaint investigations and random audits, performed by federal and state investigators, as well as outside contractors, will identify businesses at risk — and self-reporting rules will identify others when they must disclose their data breaches on The Wall of Shame.

Businesses that deal with health care providers and payors and their patient information — even shredding contractors and copy machine leasing and maintenance companies — are now subject to HIPAA/HITECH rules.

Covered Entities will need a review of their policies and procedures as well, to ensure that they are properly managing internal processes and those of their Business Associates.

State data privacy laws continue to interact with HIPAA/HITECH rules in ways that Covered Entities and Business Associates need to understand.

Contact us now to learn more about health care data privacy and security compliance in this brave new world.

Related Resources:

HIPAAtools℠

HealthBlawg posts on HIPAA

US HHS/OCR HIPAA Home Page

HIPAA & Health Information Portability: A Foundation for Interoperability (ONC blog post)

Copyright © 2006–2025
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged. Click for more on David Harlow.