Healthcare professionals are being held to higher standards than ever before to protect consumer privacy. Recent changes to consumer protection laws, including the Health Insurance Portability and Accountability Act (HIPAA), the HIPAA Omnibus Rule, and the Health Information Technologies for Economic and Clinical Health (HITECH) Act, have increased the level of liability for which healthcare providers can be held personally responsible.
Some of the most significant provisions of the law that are specific to data breaches include:
- The rule now presumes any impermissible use or disclosure of information protected under HIPAA's privacy provisions qualifies as a breach, unless the breached organization can demonstrate that it's unlikely the breach has compromised the information.
- Even if the data improperly accessed did not include birth dates and ZIP codes, it is still considered a breach of protected information, unless the organization demonstrates that it's unlikely the breach has compromised the data.
- HIPAA-covered entities must still notify both the Secretary of Health and affected consumers of all data breaches that affect fewer than 500 people, but now have until 60 days after the end of the calendar year in which the breach was discovered, rather than the year in which it occurred." (Key Take-Aways of the New HIPAA Omnibus Rule, 2013)
Healthcare providers can avoid these new penalties and protect the privacy of all patients by following all HIPAA and HITECH rules before the federally mandated date of September 23, 2013.