A former senior adviser at the HHS Office for Civil Rights offers his predictions about OCR's HIPAA enforcement and regulatory activities for the year ahead in the wake of the office's leadership changes.
Healthcare providers and their business associates need to take steps to protect patient data as they would defend any other significant business asset, says David Holtzman, a former senior official at the agency that enforces HIPAA.
Many healthcare providers and their business associates have a long way to go with their HIPAA compliance efforts. But two new resources from federal regulators could help pave the way to better security.
Covered entities are finding it difficult to comply with a HIPAA Omnibus requirement to accommodate patients who pay cash and don't want their treatment information disclosed to insurers, says Jeff Cobb, CISO at Capella Healthcare.
Despite the new instructions on breach notification in the HIPAA Omnibus Rule, there's still plenty of uncertainty about what constitutes a "compromise" of data that triggers notification, says privacy attorney Adam Greene.
How can smaller healthcare organizations determine whether a vendor is a business associate or subcontractor directly liable for compliance under the new HIPAA Omnibus Rule? Regulatory expert Marjorie Satinsky explains.
Healthcare organizations signing new deals with vendors, including many cloud services providers, must make sure that their business associate agreements reflect the new HIPAA Omnibus Rule's requirements.
How are business associates affected by the HIPAA Omnibus Rule? Susan McAndrew of the HHS Office for Civil Rights outlines the relevant provisions and offers compliance advice to covered entities and their partners.