OVERVIEW
With the healthcare industry evolving at a rapid pace, staying informed regarding new rules and regulations, as well as changes and updates to
current laws, is of the utmost importance for organizations subject to the Health Insurance Portability and Accountability Act (HIPAA).
Organizations subject to HIPAA, referred to as “covered entities,” or organizations delivering services to covered entities, known as “business associates” per the HITECH Act include:
• Healthcare providers such as doctors, hospitals, etc.
• Healthcare insurance and health plan clearinghouses
• Businesses who self-insure
• Businesses that sponsor a group health plan and provide assistance to their employees on medical coverage
• Businesses that deliver services to other healthcare providers
Keeping Up With HIPAA
Originally passed in 1996, HIPAA has now been around for 18 years, and while many in the industry were skeptical when it was first introduced, recent adjustments to the act have given HIPAA serious teeth.
Changes and Amendments
There have been many changes and additions made to HIPAA since it was originally signed into law in 1996. As such, staying up to date with HIPAA is essential to ensuring that your organization is following all requirements to maintain compliance.
Hosting Providers in Healthcare
As of late 2013, all hosting providers who are maintaining protected health information on behalf of covered entities became subject to HIPAA. They are now considered “business associates,” whether or not they actually view the information they hold.
HIPAA Omnibus Rule
The Omnibus Final Rule, which took effect on March 26, 2013, outlines changes for covered entities and business associates. This rule now makes business associates and subcontractors of business associates of covered entities directly liable for compliance with certain parts of the HIPAA Privacy and Security Rule requirements.
Simply put, the Omnibus Rule puts liability on the provider. Under the old rule, providers were innocent until proven guilty when a breach occurred. However, with the passing of the Omnibus Rule, providers are presumed guilty and will have to prove their innocence. It’s predicted that this will open the doors for more enforcement action.