HIPAA Compliance Can Be Challenging
The Health Insurance Portability and Accountability Act (HIPAA) is complex but important legislation. It mandates that patient data be stored securely, that access to the data be controlled and monitored, and that healthcare organizations have the policies, procedures and systems needed to ensure compliance.
On February 17, 2009, President Barack Obama signed the American Recovery and Reinvestment Act of 2009 (the “ARRA”), commonly referred to as the federal stimulus bill. The ARRA contains several provisions — intended to promote the use of health information technology — that would significantly expand the scope of the privacy and security requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These changes, summarized below, include:
- Direct, statutory liability for business associates for violations of HIPAA’s privacy and security requirements;
- New notification obligations for covered entities, business associates and other organizations in case of breach of personal health information (PHI) or personal health records (PHR) use and disclosure requirements;
- Additional rights for individuals regarding their PHI, particularly PHI contained in electronic health records;
- Additional restrictions on certain disclosures by covered entities and business associates;
- Increased civil penalties and expanded criminal liability for violations;
- Mandatory compliance audits by the Department of Health and Human Services (the “Department”);
- An expansion of entities required to have business associate agreements; and
- Additional restrictions on marketing communications.
TBG Security has substantial expertise in the core components stipulated within the HIPAA legislation, and many of our consultants have been involved with national standards committees such as ANSI X12, HL7, WEDI, AFEHCT, NCPDP, and the Private Sector Technology Advisory Group (PSTAG).
Although many vendors offer services to companies seeking compliance and auditing solutions, few providers match TBG’s expertise, intelligence-gathering capabilities, commitment to open standards, or role as trusted advisor. TBG leverages regulatory knowledge, training, and experience; best-of-breed solutions; a global network of proven technology; and its history of stability and trust to deliver solutions that are not only effective, but also make the best use of existing in-house personnel, technology, and processes.
For more information on how TBG Security can help your organization reach HIPAA compliance, contact our Compliance Practice Manager or call us directly at 877.233.6651 ext 704.