Yes, this website is called EMR and HIPAA, but as you can tell from the content I’m much more interested in EMR than I am in HIPAA. Although there is certainly some correlation.
That said, I think there’s some interesting things happening with HIPAA that people need to be aware of. HHS released the Breach Notification Final Rule. Healthcare POV said the following about the rule:
The Department of Health and Human Services (HHS) has released a final rule on breach notification requirements for covered entities (CEs) and business associates (BAs). Published in the Federal Register, the rule dictates proper procedure for responding to a breach, including when notification is required, who to tell and how to dispense that information. The rule also reiterates and clarifies recommended methods of data encryption.
The announcement came 2 days after the Federal Trade Commission (FTC) released its breach notification final rule, which covers personal health record vendors and other non-HIPAA CEs. HHS consulted with FTC on requirements and asked the public for input through a request for information released earlier this year.
The link above has more analysis of these changes as well. I’ll admit that I’m not an expert in this area. Anyone else who cares to chime in on the impact of these changes, I’d love to hear about it in the comments or even a guest blog post if someone’s interested.
All those large organizations that hold priceless data should be aware of the risks. Many have recently started to enforced mandatory encryption of significant data. There are a few options, but the easy one is to use Secure USB Flash Drive that really works great. If you must give your details, make sure that it’s protected!
If anyone can refer me to a lawyer in Oregon willing to sue for multiple flagrant violations of HIPAA law, I would appreciate it. Please email me at: happy.leo@verizon.net.