Debunking HIPAA Omnibus Compliance Myths
HIPAA is a complex and often misunderstood law designed to protect the privacy and security of patient health information. The law has carefully crafted stipulations on exactly how health care facilities are required to handle this information, protect against risks and notify about breaches. In the two years since the HIPAA Omnibus Rule was implemented, many myths have remained pervasive within the health care industry, and they can lead to noncompliance and serious penalties.
Many health care providers are under the mistaken belief that small breaches do not “count” for breach notification requirements. One of the most significant changes under the Omnibus Rule was to clarify the definition of a health data breach. It now states that any impermissible use or disclosure of patient health information is considered a breach. For health care providers, this means that they must provide a breach notification unless they can show there is an extremely low probability that the information has been compromised.
Another myth concerns texting patient health information (PHI). Many health care providers consider this a secure way to communicate PHI, when in fact a smartphone with a PIN can be easily hacked. Additionally, these devices are at high risk for theft, and any PHI stored on them would then be at risk as well. It is important for health professionals to use communication channels in which data may be encrypted and information will be secure.
Finally, health care providers should now be aware that patients have increased access rights to their own data. While previously not all of this information was available to them, under the new Omnibus Rule patients may electronically request their health information, and the government’s ability to enforce this portion of the law was increased.
To further discuss the Omnibus Rule and how your practice could better comply with HIPAA regulations in New Jersey, New York and Pennsylvania, contact the trusted health law attorneys at Buttaci Leardi & Werner, LLC.
- Posted on: Feb 12 2015