HIPAA Omnibus Rule: Should your IT department fret over it? -- Part I

Today, the entire healthcare industry is abuzz over the latest development – the HIPAA Omnibus Rule. And all those businesses associated with healthcare providers – in some way or the other – are looking for some answers in that 500+ page proclamation, because certain clauses of the enhanced law have given them new obligations. Early this year, the U.S. Department of Health and Human Services (HHS) announced HIPAA Omnibus Rule, a collection of reformations to HIPAA, in order to strengthen the privacy and security protections for health information. Promulgated on March 26th, this law is about to give two new responsibilities to the business associates of healthcare providers:
  • Reporting data breach directly to HHS Office of Civil Rights.
  • Compliance with the renewed HIPAA Privacy & Security Rules. Installing the technology to safeguard PHI and prove its integrity.
On top of that, this new law has also redefined the term “business associate” to increase its scope. Going by the new definition, some organizations – even if loosely associated with healthcare provider – might be recognized as a “business associate” and incur the onus of complying with the renewed HIPAA. So, if your organization helps covered entities (healthcare providers bound by HIPAA) and was not recognized as a business associate so far, maybe, now it will be recognized as one.Deadline to comply with this law: September 23rd.Failure to comply would incur harsh penalties.Does it mean your IT should be worried and cranking out a compliance program? Well, it depends on whether you really are a business associate. To know more, read PART II...In case, you are indeed a business associate...And looking for tools that help you comply with the renewed HIPAA, ManageEngine has both integrated solution and point products for your IT security, IAM and compliance needs.