Quarterly Healthcare Advisory
This Quarterly Healthcare Advisory is a two-part update focused on HIPAA compliance. With multiple recent changes, we wanted to bring the facts together in a cohesive way for your convenience. We encourage you to reach out to your Edelstein healthcare partner with any questions regarding this topic.
As you know, the federal government has made sweeping changes to regulations under the Health Insurance Portability and Accountability Act (“HIPAA”), strengthening patient confidentiality and expanding who can be liable for privacy breaches. It is critical for medical practices to understand how they may need to update or alter their current practices to comply with the many, and often complex, regulatory requirements of HIPAA.
Officials are now enforcing new regulations, imposing fines as high as $1.5 million per violation. In April 2014, for example, regulators sent a strong signal that they will crack down on companies: Concentra Health Services, a subsidiary of Humana, was fined $1.7 million after it was discovered that one laptop stolen from its physical therapy office had unencrypted health information concerning 870 people. The recent cyber-attack on Anthem Inc., affecting 80 million of its customers, is another warning to the health care industry that patient privacy data is also vulnerable to hackers, which creates enormous business and legal risks.
In this update, we provide a brief refresher of the changes in patient privacy, staff training, and IT security.