« Social Media Session at Oklahoma Hospital Association Annual Meeting | Main | An ounce of prevention »

November 17, 2009

Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?

HIMMS Analytics surveyed about 250 hospital and business associate representatives, and came up with some figures to back up what we all knew in our hearts:  Most hospitals are gearing up for compliance with the HITECH Act / Son of HIPAA data security and breach notification requirements, but many experience data breaches -- about half of hospitals surveyed in the past year -- and business associates lag behind hospital in awareness and preparedness for compliance with new business associate requirements.

Check out the full report on the HITECH Act's impact on privacy and security, and check out recent HealthBlawg posts on HITECH Act and Son of HIPAA issues here: HITECH Act security breach rules now effective; Comments on HITECH Act breach notification rule from Capitol Hill; and Son of HIPAA Breach Notification Rules

Anyone who needs to be convinced that attention must be paid to this issue need only check out the cautionary tale of the Virginia prescription record security breach or any of the many breaches detailed here or here.

The survey provides a handful of key take-away points:

  • Risk assessments are common practice but alone do not mitigate breach risks.
  • Large hospitals experience the most data breaches and are at the greatest risk for future incidents.
  • Business associates are generally unprepared to meet the new data breach related obligations brought on by the HITECH Act.
  • Health care organizations are prepared to sanction business associates that don’t comply with the regulations outlined in the HITECH Act.
  • Inter-departmental disconnects between IT and Compliance on data breach policies and procedures leave hospitals at risk.
Bottom line: most health care provider organizations and most business associates (vendor organizations) have a great deal of work to do, not only in terms of conducting a through review of policies and procedures so as to come up with a gap analysis, but also in terms of implementing policies and procedures to fill the gaps identified, and to conduct appropriate trainings at all levels of the organization, including clear delineation of lines of communication regarding data security matters.

The Harlow Group network stands ready to assist provider and vendor organizations in preparing themselves for full compliance with the new HIPAA requirements promulgated in the HITECH Act and its regulations.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

November 17, 2009 at 12:23 AM in Health care policy, Health Law, HIPAA, HIT, Hospitals, Physicians, Privacy |

| | | | | |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451d52c69e20120a6a94064970b

Listed below are links to weblogs that reference Son of HIPAA Breach Notification Rules and Business Associate Requirements: Who's Ready?:

Comments

About

Subscribe by RSS/email

Your email address:


Powered by FeedBlitz


Reviews & Awards

  • "[Harlow is one of the top Health IT] sources providing credible, thought-provoking information and insights." Health Data Management Magazine
  • "Harlow is one of the most ... articulate communicators on health care law issues today." Fierce Healthcare
  • An "influential voice" ... a "must-read industry blogger" SmartBrief
  • "[Harlow] offers both expert insights and easy-to-understand analysis." Medscape

  • Top 5: Editors' Choice Award Top 10: Consumers' Choice
    best health blogs 2011
  • LexisNexis Insurance Law Community 2011 Top Blogs of the Year
    LexisNexis Insurance Law Community 2011 Top Blogs of the Year
  • 2010 "Rx for Excellence - Heroes From the Field" Award from Massachusetts Medical Law Report
  • The ABA Journal named HealthBlawg one of the Top 100 Blawgs of 2009
  • LexisNexis Insurance Law Community 2009 Top Blogs of the Year
    LexisNexis Insurance Law Community 2009 Top Blogs of the Year

The Walking Gallery

Subscribe to HealthBlawg as a Podcast

Become a Fan

  • Subscribe with Kindle
AddThis Social Bookmark Button


In the Press

Podcast Interviews

HealthBlawg on Twitter

Recent Posts

My Web Site

  • Google

    Search the Web
    Search HealthBlawg

Categories

Archives

More...

Blogroll

  • HealthBlawg is included in the Library of Congress Legal Blawg Archive of ~100 blawgs
  • Wikio - Top Blogs - Law
  • Healthcare 100 - eDrugSearch.com

  • Health Care Social Media Review
  • Featured in Alltop
  • Law Blogs - Blog Top Sites
  • lawyer blogs
  • THE BOBs
  • Lawyers blogs
  • Law & Legal Blogs - BlogCatalog Blog Directory
  • Find Blogs in the Blog Directory
  • My Zimbio
  • Blogarama - The Blog Directory
  • < A Legally Inclined Weblog >
  • XING
  • Add to Technorati Favorites
  • BlogBurst.com

Related Posts Widget for Blogs by LinkWithin

Health Care News