September 23, 2013 marked the end of the grace period for the tougher implementation of the Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule. The Rule, published earlier in 2013 by the U.S. Department of Health and Human Services (HHS), gave practices across the country new requirements to implement by September 23; after that date they became subject to fines for privacy violations and security breaches under the penalty structure of the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Now that the deadline has passed, practices across the country must be more careful about the security of their data. Leon Rodriguez, Director of the Office for Civil Rights (OCR) at HHS, is of the opinion that doctors should be held accountable for violating the HIPAA privacy and security rules. However, Rodriguez has proved to be a fair and industry-conscious regulator over the years: of roughly 80,000 HIPAA complaints received since 2003, only 16 have ended in monetary penalties, which illustrates the practical approach his office has taken.
Hefty fines, more audits and added enforcement from HHS are only part of the picture; a problem-solving approach to data violations matters more. Practices need to be trained and equipped to deal with data privacy issues, and fixing the root causes of violations must be a priority for every practice.
As far as penalties are concerned, they range from $100 to $50,000 per violation, depending on the level of culpability. The highest tier, willful neglect that is not corrected, carries the $50,000 per-violation figure, and penalties for identical violations are capped at $1.5 million per calendar year.
Overall, practices now need to be more vigilant about their patients' health information and put stricter rules in place. Access to patient health information should be limited to authorized personnel, with each person granted only the access their role requires, and tighter security controls, including encryption of stored and transmitted data, should be put in place to keep the data safe.
It is also important for medical practices to keep a close check on their EMR software vendors, who may not apply the same strict standards to patient health information. Under the Omnibus Rule such vendors are business associates and are directly liable for HIPAA compliance, so a practice should have a business associate agreement with each of them and confirm that their safeguards match its own. Exchanging information only over encrypted connections also improves the security of the data.
In addition to this, practices should carry out a detailed review of all the patient health information they hold and how it is protected. They need to be confident that the information is accurate and complete so that it supports sound decisions about patient care. A documented risk analysis of their systems is a requirement of the HIPAA Security Rule, and the HITECH Act directs HHS to conduct periodic compliance audits, so practices should expect to be questioned on this by HHS.
Practices are now required to take greater responsibility for the safety of their patients' health information, which should not be a problem if the right safeguards are in place.
For more information view our omnibus rule infographic: https://blog.curemd.com/hipaa-security-compliance-how-important-is-it/