HIPAA Omnibus Final Rule to Levy Significant Penalties for Non-Compliant Healthcare Entities
by Carlos Arcila
The compliance deadline for the omnibus final rule, which amends the regulations that implement the Health Insurance Portability and Accountability Act of 1996 (HIPAA), was September 23, 2013. With the onset of the revised regulations, many healthcare entities are revving up their HIPAA compliance efforts by ensuring that Business Associate Agreements (BAAs) are in place with their cloud and other technology service providers. However, a recent survey of business associates in the healthcare service industry conducted by Coalfire* found that fewer than half of those business associates surveyed currently report being compliant with HIPAA and the omnibus final rule.
This statistic is alarming because the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) has the authority to assess civil monetary penalties of up to $1.5 million for multiple violations of the same requirement by a covered entity or a business associate in a calendar year.
Today many healthcare providers are turning to new technology and new services such as cloud computing to be innovative and more efficient with their resources so they can focus on delivering healthcare to their patients. In light of the responsibility placed upon providers to safeguard patient health information, it's critical that these healthcare entities choose a trusted provider whose security practices are aligned with current HIPAA regulations.
"Healthcare providers need to be aware that not only are they themselves responsible for compliance with HIPAA, but that HIPAA assigns responsibility for safeguarding protected health information to their business associates," said Chris Davis, solutions architect, Verizon Enterprise Solutions. "Verizon's ability to sign a BAA with a healthcare provider gives an organization the confidence that Verizon accepts the responsibility for meeting the requirements of the law."
It's this acknowledgement of responsibility that healthcare providers need in order for them to continue to focus on their core competency, which is delivering care to patients.
To learn more about Verizon's Healthcare Enabled Services, please visit Verizon's Healthcare Enabled Services.