Blog

Refocusing on HIPAA Compliance After a Worldwide Pandemic

Guest Blogger
/
July 13, 2021

Organizations that handle medical records in the United States must comply with HIPAA privacy and security requirements. The rules apply to covered entities (health plans, healthcare clearinghouses, and providers that transmit health information electronically) and to the business associates that handle data on their behalf. Originally defined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the regulations are designed to keep patients' Protected Health Information (PHI) private.

When PHI is created, stored, or transmitted in electronic form, it is referred to as electronic Protected Health Information (ePHI). The HIPAA Security Rule requires each organization to designate a security official who is responsible for the safety and security of ePHI. This can be a dedicated compliance officer or another officer of the company who takes on the responsibility; either way, the designation should be documented. Failure to comply with HIPAA regulations can result in substantial fines determined by the scope and severity of the violation.

Data breaches that expose ePHI are also extremely damaging to the reputation of the victimized organization and can result in the loss of consumer confidence and business opportunities. There is also immeasurable damage to patients whose confidential information has been compromised.

Related: Top 10 Questions from Our ePHI Cyber Risk Management Webinar

The Impact of COVID-19 on HIPAA Enforcement

The COVID-19 pandemic heightened awareness of the need to balance the delivery of quality healthcare against the obligation to protect the privacy of individuals' PHI. To address these concerns, the Department of Health and Human Services (HHS) relaxed enforcement of certain HIPAA provisions in 2020. The changes remain in place until the HHS Secretary declares that the public health emergency is over.

HHS announced the temporary flexibilities in March and April 2020 through Notices of Enforcement Discretion issued by its Office for Civil Rights (OCR), followed by a further notice in January 2021 covering vaccine scheduling. These notices are intended to make sure HIPAA compliance does not jeopardize the delivery of patient care, and to help organizations handle the challenges of testing, treating, and vaccinating COVID-19 patients.

The Notices of Enforcement Discretion address several specific areas of providing healthcare services, including:

  • Permitting providers to deliver telehealth through non-public-facing remote communication products in good faith, while naming the public-facing video services that still cannot be used
  • Allowing business associates to share PHI with public health authorities such as the Centers for Disease Control and Prevention (CDC) and Centers for Medicare and Medicaid Services (CMS) for public health and health oversight purposes, even where their business associate agreement does not expressly permit it
  • Limiting enforcement against organizations operating community-based COVID-19 testing sites
  • Permitting the good-faith use of online and web-based scheduling applications for COVID-19 vaccination appointments
  • Stating explicitly that HIPAA still applies: the discretion covers only the activities named in the notices, and violations outside that scope are still enforced.

The public health emergency will eventually end, and the notices with it. Organizations relying on them need a plan to return to full, pre-pandemic adherence to the HIPAA rules, including replacing any communication or scheduling tools used under the discretion with ones covered by a business associate agreement. They also need to prepare for the regulatory changes proposed and implemented this year.

Read Next: Pointers and Best Practices for Adopting Telehealth

Changes to HIPAA Regulations in 2021

The regulatory world does not stand still. HIPAA regulations continue to evolve to meet the challenges of new technology and the privacy expectations of the public. Industry best practices shape how your company establishes its HIPAA controls, alongside the regulations and guidance issued by HHS' Office for Civil Rights (OCR).

Proposed Updates to the HIPAA Privacy Rule

HHS' OCR issued a Notice of Proposed Rulemaking on December 10, 2020, proposing changes to the HIPAA Privacy Rule. The following categories are among the modifications under consideration:

  • Definitions are proposed for Electronic Health Records (EHRs) and personal health applications to clarify inconsistencies in how the terms are used.
  • Individuals' right to access their PHI would be strengthened by defining standards that providers must follow to make PHI readily available, including a shorter deadline for responding to access requests. Patients would also gain more control over directing their PHI to third parties of their choosing.
  • Fees for providing copies of PHI and ePHI to patients would be adjusted, and the proposal clarifies when a patient is entitled to ePHI at no charge.

If and when these proposed updates are implemented, they may entail a major overhaul of the practices of healthcare providers and the expectations of patients.

Healthcare expert JoAnne King explains her take on how the healthcare field must move forward into the digital age.

Cybersecurity Safe Harbor Provision Added to the HITECH Act

A cybersecurity safe harbor provision was added to the HITECH (Health Information Technology for Economic and Clinical Health) Act by U.S. HR 7898, signed into law in January 2021. The amendment defines "recognized security practices" as the standards, guidelines, and practices of the NIST Cybersecurity Framework, the approaches developed under Section 405(d) of the Cybersecurity Act of 2015 (the Health Industry Cybersecurity Practices), and other programs and processes that address cybersecurity and are developed, recognized, or promulgated through regulations under other statutory authorities.

The law requires HHS to consider whether a covered entity or business associate had recognized security practices in place for at least the previous 12 months when it determines fines, the length and extent of an audit, or other remedies for a HIPAA Security Rule violation. Adoption is a mitigating factor rather than an exemption: entities that can document those practices can expect reduced penalties and shorter audits compared with those that cannot, but they remain subject to enforcement.


Updates to the Fine Structure for HIPAA Violations

Fines are calculated using a four-tiered model that considers the scope and severity of a violation and the organization's level of culpability, from a violation it could not reasonably have known about (tier one) up to willful neglect that is not corrected (tier four). Organizations that willfully neglect the protection of ePHI are subject to larger fines than those that have been breached despite their best efforts.

The annual cap for all four tiers was previously $1.5 million per identical provision. In a 2019 Notice of Enforcement Discretion, HHS lowered the caps for the three lesser tiers to $25,000, $100,000, and $250,000 respectively. Tier-four offenders, who demonstrate willful neglect and fail to correct the violation, are still subject to the $1.5 million cap. These figures are subject to annual inflation adjustments.

The Future of HIPAA

HIPAA compliance standards will continue to evolve to address changes in technology, privacy concerns, and public health emergencies like the COVID-19 pandemic. Organizations in the healthcare industry need to stay apprised of changes to the regulations to avoid falling out of compliance. Beyond the risk of fines, non-compliance puts sensitive patient information at risk, which should be a primary consideration for everyone working in the healthcare field.

Looking for a better way to securely collect, share, and store ePHI? Learn more about how Formstack adheres to HIPAA compliance so you can safely collect and manage patient information.


About the Author

Atlantic.Net contributed this content. Atlantic.Net is a HIPAA Compliant Cloud Provider. Connect with Atlantic.net @atlanticnet


Businesses and organizations that interact with any medical records in the United States need to comply with HIPAA data privacy requirements. Originally defined in the Health Insurance Portability and Accountability Act (HIPAA) of 1996, the regulations are designed to keep the keep Protected Health Information (PHI) of patients private. 

When PHI is stored in electronic form on a computer or digital file, it is referred to as electronic Protected Health Information (ePHI). It is the responsibility of each organization’s selected compliance officer or head of compliance to ensure the safety and security of ePHI.  This can be a dedicated compliance officer or another officer of the company that takes on this responsibility. Failure to comply with HIPAA regulations can result in substantial fines determined by the scope and severity of the violation. 

Data breaches that expose ePHI are also extremely damaging to the reputation of the victimized organization and can result in the loss of consumer confidence and business opportunities. There is also immeasurable damage to patients whose confidential information has been compromised. 

Related: Top 10 Questions from Our ePHI Cyber Risk Management Webinar

The Impact of COVID-19 on HIPAA Enforcement

The COVID-19 pandemic has led to a heightened awareness of the need to balance the delivery of quality healthcare with the desire to protect the privacy of individuals’ ePHI. To address these concerns, the Department of Health and Human Services (HHS) modified enforcement of HIPAA compliance in 2020. The changes will remain in place until the HHS Secretary declares that the public health emergency is over. 

HHS announced the temporary flexibilities in March and April by the release of Notices of Enforcement Discretion. These notices are intended to make sure HIPAA compliance does not jeopardize the delivery of quality patient care. The aim is to help organizations handle the challenges of testing and treating COVID-19 patients. 

The Notices of Enforcement Discretion address several specific areas of healthcare delivery, including:

  • Permitting flexibility in telehealth remote communications so that providers can fully serve their patients.
  • Reducing restrictions on business partners sharing PHI with agencies such as the Centers for Disease Control and Prevention (CDC) and the Centers for Medicare and Medicaid Services (CMS) in order to fight the pandemic more effectively.
  • Limiting HIPAA violation enforcement against organizations operating community-based COVID-19 testing centers.
  • Loosening the restrictions on online and web-based scheduling of COVID-19 vaccinations, while outlining which video services cannot be used.
  • Explicitly stating that HIPAA violations can still occur: the loosening is strictly for video conferencing and web-based scheduling.

Hopefully, HHS will be able to declare the public health emergency over soon. Organizations subject to these notices need to be prepared to revert to pre-pandemic levels of adherence to HIPAA guidelines. In addition, they need to be prepared for the changes to HIPAA regulations proposed and implemented this year.

Read Next: Pointers and Best Practices for Adopting Telehealth

Changes to HIPAA Regulations in 2021

The regulatory world does not stand still. HIPAA regulations are constantly evolving to meet the challenges of new technology and the privacy demands of the public. Industry best practices, together with additional regulations issued by HHS’ Office for Civil Rights (OCR), guide how your company establishes its HIPAA controls.

Proposed Updates to the HIPAA Privacy Rule

HHS’ OCR issued a Notice of Proposed Rulemaking on December 10, 2020, addressing changes to the HIPAA Privacy Rule. The following are among the modifications under consideration:

  • Definitions have been proposed for Electronic Health Records (EHRs) and Personal Health Applications to resolve inconsistencies in how the terms are used.
  • Individuals’ right to access their PHI is strengthened by defining standards that providers must follow to make PHI readily available. Patients also gain more control over which third parties have access to their PHI.
  • Fees for providing copies of PHI and ePHI to patients have been adjusted. The updates also clarify when a patient is entitled to ePHI at no charge.

If and when these proposed updates are implemented, they may require a major overhaul of the practices of healthcare providers and patients.

Healthcare expert JoAnne King explains her take on how the healthcare field must move forward into the digital age.

Cybersecurity Safe Harbor Provision Added to the HITECH Act

A Cybersecurity Safe Harbor Provision was added to the HITECH (Health Information Technology for Economic and Clinical Health) Act with the passage of U.S. HR 7898. The law is intended to ensure that all entities handling PHI and ePHI follow the HIPAA security standards currently in place, which it refers to as recognized security practices.

The law calls for an organization’s adherence to recognized security practices to be taken into consideration when it is fined for HIPAA noncompliance. Entities that follow these practices will be subject to lesser fines than those that do not.


Updates to the Fine Structure for HIPAA Violations

Fines are calculated using a four-tiered model that considers the scope and severity of a privacy violation. Organizations that willfully neglect the protection of ePHI are subject to larger fines than those that are breached despite their best efforts.

The maximum fine for all tiers was previously $1.5 million. That has changed for the three lesser tiers of violations. Tier-four offenders, who demonstrate willful neglect and make no effort to address the violation, are still subject to the old maximum fine.

The Future of HIPAA

HIPAA compliance standards will continue to evolve to address changes in technology, privacy concerns, and public health emergencies like the COVID-19 pandemic. Organizations in the healthcare industry need to stay apprised of changes to the regulations to avoid falling into violation. Besides exposing the organization to fines, non-compliance puts sensitive patient information at risk, which should be a major consideration for all professionals working in the healthcare field.

Looking for a better way to securely collect, share, and store ePHI? Learn more about how Formstack adheres to HIPAA compliance so you can safely collect and manage patient information.


About the Author

Atlantic.Net contributed this content. Atlantic.Net is a HIPAA-compliant cloud provider. Connect with Atlantic.Net @atlanticnet


Guest Blogger
These posts come from a combination of experts who write for the Formstack blog.