A new set of HIPAA patient privacy regulations will impact practices and physicians everywhere with stronger legal scrutiny and higher fines in place. The U.S. Department of Health and Human Services (HHS) has updated the final omnibus to enhance the security of patient privacy established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). With new technology, comes new HIPAA changes.
Previously, practices have been required to disclose information breaches to patients and the federal government only when the information had been compromised and determined to have notable risk to the patient. With these new regulations in place, any incident that has the potential to breach patient information must be reported. Penalties have been increased up to a maximum of $1.5 million for multiple, similar violations within a calendar year.
Practices and physicians had until the deadline, September 23, 2013, to comply with these new protocols. With physicians increasingly sharing electronic patient information through mobile devices, including laptops and tablets, it remains imperative that precautions be taken to protect both the patient and the physician. Medical practices and physicians should implement a breach avoidance plan and security risk assessment on all activities associated with storing and transferring patient information. In addition, physicians should ensure that information is kept safe with encrypted data on portable devices. Those using mobile devices should be clear on what is their responsibility for keeping protected health information (PHI) secure, and how to avoid a HIPAA breach. The safest tools are those that do not store PHI, thoroughly encrypt any exchanged information, verify the recipients of any communication, and allow for locking the device and/or disabling the tool remotely in the event of a lost or stolen device.
Since HIPAA was enacted over 15 years ago, much has changed within the healthcare field and how patient information is shared. As technology advances, new regulations must emerge with it. Physicians can stay ahead of the curve with proper knowledge and information to safeguard patient data in this evolving digital era.