HIPAA Omnibus Rule: New Penalty system with steeper fines

The passage of the HIPAA Omnibus Rule heralds a new era of accountability for organizations that fall under the category of ‘business associates’ to a healthcare provider. The new rule has made some sweeping changes to the penalty system applied to each HIPAA violation category. Before you jump the gun and start worrying about the hefty fines, read this post to know whether you actually fit the role of a ‘business associate’ under the new rule.

The New Penalty System

Under the new rule, civil monetary penalties for noncompliance have been increased based on the level of violation. So, any breach of PHI (Protected Health Information) – whether intentional or accidental – can potentially set you back…

HIPAA Omnibus Rule: Should your organization’s IT department fret over it? — Part II

In the first part of this 2-part blog, we saw the update about the HIPAA Omnibus Rule and the deadline for compliance (September 23rd, 2013). Now, let’s analyze the before & after of this new rule, and whether it really applies to you. (Check out the examples given for better understanding.)

The Scene Before HIPAA Omnibus…

Before this law was enacted, it was the responsibility of healthcare providers (hospitals, clearinghouses, insurance companies, etc.) to report to HHS any breach of the protected health information (PHI) that they store. And they had to comply with the detailed HIPAA Privacy Rule and HIPAA Security Rule in order to show that the PHI had been properly safeguarded, and not b…

HIPAA Omnibus Rule: Should your IT department fret over it? — Part I

Today, the entire healthcare industry is abuzz over the latest development – the HIPAA Omnibus Rule. And all those businesses associated with healthcare providers – in some way or the other – are looking for some answers in that 500+ page proclamation, because certain clauses of the enhanced law have given them new obligations. Early this year, the U.S. Department of Health and Human Services (HHS) announced the HIPAA Omnibus Rule, a collection of reforms to HIPAA, in order to strengthen the privacy and security protections for health information. Promulgated on March 26th, this law is about to give two new responsibilities to the business associates of healthcare providers:
  • Reporting data brea

Unauthorized access and use of protected health information is the most profitable crime in the USA: Are you fully prepared to combat? [Part-1]

At over $60 billion per year, Medicare fraud has become one of the most profitable crimes in America, say analysts. In South Florida, health information fraud has replaced cocaine as the major criminal enterprise. As health care providers have gone fully digital with Electronic Health Records that contain protected health information, health information data breaches are also increasing in number, frequency and magnitude across the globe. It might be baffling to some: what would one gain from stealing protected health information? Fraud resulting from medical identity theft primarily takes two forms:
  1. physician identification numbers that are stolen and used to bill for se