On January 17th, 2013, the Department of Health and Human Services enacted a rule to strengthen the patient privacy protections established back in 1996. These new privacy regulations on information breaches brought more legal scrutiny and higher fines for physicians, and they're still influencing the healthcare sector today. Any incident involving patient records is assumed to be a breach, and unless a practice conducts a risk assessment that proves protected information wasn't compromised, the breach must be reported.
The American Medical News offers suggestions on how to prepare for evolving HIPAA requirements:
- Conduct a thorough security risk assessment on all activities related to capturing, using, storing or transmitting electronic patient health information.
- Develop comprehensive breach avoidance and notification procedures.
- Examine and redesign workflow to handle more stringent requirements.