New HIPAA Breach Notice Rules

The new regulations require health care providers, health plans and other entities covered by HIPAA (Health Insurance Portability and Accountability Act) to inform individuals when their protected health information (PHI) is compromised.

In cases where more than 500 people are affected by a data breach, health care providers and other HIPAA-covered entities must promptly inform the affected individuals. Data breaches affecting fewer than 500 people must instead be reported to HHS annually.

The definition of what counts as unsecured information, along with the update to the rules, will be issued by HHS, which will be revising its current guidance document.

Think about it. Make sure your archive is intact. If you are audited by the U.S. Department of Health & Human Services, your newest prized possession could be the particular pieces of electronically stored information that must be produced from your email archive.

In addition, PHI in transit must be protected, for example by using a secure messaging service. Whenever personal information is sent via email, that email message should be encrypted – this is fundamental under the HIPAA guidelines and is now enforced with harsher penalties under the HITECH Act.
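As an added illustration of the point above (example code written for this page, not Smarsh's product or anything from the original post), the following outbound-mail policy check refuses to release a plaintext message that appears to contain PHI, while releasing messages that are already S/MIME-encrypted or contain no PHI markers. The PHI patterns, the message samples and the gateway decision interface are all constructed assumptions for the example; a real deployment would plug in its own classifier or DLP dictionary.

```python
import email
import re
from email import policy

# Constructed PHI markers for this illustration only (assumption: a real gateway
# would use an organization-specific classifier or DLP dictionary).
PHI_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:\s#]*\d{6,}\b", re.IGNORECASE),
    "diagnosis": re.compile(r"\b(diagnosis|ICD-10)\b", re.IGNORECASE),
}

# MIME content types that indicate the body is already encrypted end to end
# (S/MIME enveloped data, or PGP/MIME).
ENCRYPTED_TYPES = {"application/pkcs7-mime", "multipart/encrypted"}


def find_phi(text):
    """Return the sorted names of PHI patterns found in the text."""
    return sorted(name for name, rx in PHI_PATTERNS.items() if rx.search(text))


def is_encrypted(msg):
    """True if the top-level part is an encrypted envelope we cannot (and need not) inspect."""
    if msg.get_content_type() in ENCRYPTED_TYPES:
        return True
    # Some S/MIME agents signal enveloped data via the smime-type parameter.
    return msg.get_param("smime-type") == "enveloped-data"


def gateway_decision(raw_message):
    """Decide whether an outbound message may leave the organization.

    Returns ("release", []) for encrypted or PHI-free mail, and
    ("block", [pattern names]) for plaintext mail that carries PHI markers.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    if is_encrypted(msg):
        return ("release", [])
    body_part = msg.get_body(preferencelist=("plain",))
    body_text = body_part.get_content() if body_part is not None else ""
    scan_text = (msg["Subject"] or "") + "\n" + body_text
    findings = find_phi(scan_text)
    if findings:
        return ("block", findings)
    return ("release", [])


# Constructed sample messages (not real traffic).
PLAINTEXT_PHI = """\
From: nurse@clinic.example
To: billing@partner.example
Subject: Follow-up for patient
Content-Type: text/plain; charset="utf-8"

Patient MRN: 00481516, SSN 123-45-6789, diagnosis confirmed at visit.
"""

ENCRYPTED_SMIME = """\
From: nurse@clinic.example
To: billing@partner.example
Subject: Follow-up for patient
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"

(opaque ciphertext omitted in this constructed sample)
"""

BENIGN = """\
From: nurse@clinic.example
To: staff@clinic.example
Subject: Lunch on Friday
Content-Type: text/plain; charset="utf-8"

The break room will be reserved from noon.
"""

if __name__ == "__main__":
    for label, sample in [("plaintext PHI", PLAINTEXT_PHI),
                          ("S/MIME", ENCRYPTED_SMIME),
                          ("benign", BENIGN)]:
        print(label, "->", gateway_decision(sample))
```

The check is deliberately structural: an encrypted envelope is released without inspection because its content cannot be read at the gateway, and the policy's job is only to stop PHI leaving in the clear. Blocking rather than silently encrypting keeps the sender aware that the message needed the secure channel in the first place.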

What does this mean for health care providers and other entities covered by HIPAA?

Understand the rules and start following them now. It is better to make these rules, which take effect early next year, part of your organization’s structure today. This will show dedication and responsibility, and when the penalties become a reality in February 2010, you’ll be prepared.

Now more than ever, companies need to integrate procedures and solutions to prevent data breaches from happening. The average cost of a data-loss incident jumped 43% in the two years between 2005 and 2007, according to a Ponemon Institute study. Putting this policy into place will help reinforce best-practice procedures for companies, which in turn leads to better security for consumers.

Also, to echo the statement of acting director and principal deputy director of the HHS Office of Civil Rights Robinsue Frohboese, this new law ensures that “covered entities and business associates are accountable to the department and to individuals for proper safeguarding of the private information entrusted to their care.” Holding companies accountable for their actions helps build trust with consumers.

The end result, in theory, is greater data security for the customer. And that is a good thing.

Smarsh
