Strategic insight for health IT leaders

HIPAA privacy laws more relevant than ever

Healthcare providers that don't re-examine their level of HIPAA compliance could be caught off guard if they're subjected to a federal audit in 2015.

I was knee-deep covering hospital regulations in the early 2000s when Uncle Sam first released HIPAA privacy laws, and the initial reaction from healthcare organizations ranged from intrigue to panic. At that point, most medical records existed only on paper.

Fast forward 15 years. Just as the Founding Fathers could not have fully anticipated how the U.S. Constitution would apply to modern life, the authors of HIPAA probably didn't foresee how today's technology intersects with protected health information.

As CIOs grapple with the promise and risks of electronic access to medical records, pressure is rapidly building on doctors and physician practices to firm up privacy compliance as the drumbeat of federal HIPAA audits gets louder.

In this issue of Pulse, reporter Shaun Sutner examines how to survive a HIPAA audit. The 2015 audit program from the U.S. Department of Health and Human Services' Office for Civil Rights (OCR) affects 400 providers, many of which are not fully prepared for their reviews.

The OCR won't predict publicly what enforcement actions its inspectors are contemplating, but penalty amounts can swiftly rise to the tens and hundreds of thousands for failure to meet certain HIPAA provisions.

Statistics elsewhere in this issue tie solidly into HIPAA risks. A senior adviser for OCR noted in 2014 that 33% of protected-health-information breaches affecting 500 or more people stemmed from laptops and other mobile devices.

And we look into why IMS Health, a global healthcare software company, entered into an agreement with Amazon Web Services and ditched Microsoft Azure. As reporter Beth Pariseau writes, IMS is "one of the new poster children for businesses going all-in with Amazon Web Services."

Speaking of the Web, expert contributor Reda Chouffani looks at a gap in publicly posted information about gifts and physician payments from medical device manufacturers and pharmaceutical companies. Up to one-third of such data, the collection of which falls under the Physician Payments Sunshine Act, has not been posted yet by the Centers for Medicare and Medicaid Services.

It's not clear why this information is missing, but it may be just as well for now. On the CMS posting site is a caveat: "For some searches the results will take some time to load, please be patient."

The loading time of a page versus the amount of records requested. The rapid pace of technological development versus the reluctance behind EHR adoption. Looming HIPAA audits versus subpar physician compliance. For many of you in health IT, choosing the fast lane or the slow lane brings plenty of business decisions along as baggage.

What patient privacy security concerns do you wrestle with as 2015 unfolds? Let me know at [email protected].
