Healthcareinfosecurity.com publishes an interview with attorney Lisa Sotto on the modifications of HIPAA, which are expected to enter into force in the following weeks.
Healthcare organizations need to more closely monitor how their business associates protect the security of patient information and step up risk assessments as they prepare to comply with looming HIPAA modifications, says Sotto.
As proposed, the long-overdue HIPAA modifications, which may be released in the coming weeks, would require business associates and their subcontractors to comply with the HIPAA Security Rule.
“We see a growing number of breaches happen when business associates possess PHI [protected health information],” Sotto says in an interview withHealthcareInfoSecurity. “CISOs and CIOs should look at the HIPAA [modifications that are pending] as an opportunity to improve business associate security. It’s important for healthcare entities to focus their energies on seeking to prevent these sorts of incidents,” says Sotto, who heads the global privacy and data security practice of law firm Hunton & Williams.
A pending omnibus package of regulations includes several components, including modifications to the HIPAA privacy, security and enforcement rules; a final version of the HIPAAbreach notification rule; and a measure spelling out that using genetic information for insurance underwriting purposes is a privacyviolation as well as discriminatory under the Genetic Information Non-Discrimination Act.
In the interview, Sotto points to other pending regulations, including:
- A final rule that would modify the HIPAA Privacy Rule standard for accounting of disclosures of protected health information that adds new requirements for access reports. The pending regulation was placed on hold when its requirement for detailed reports about who accessed patient records proved controversial. “It’s complex and confusing and would impose a substantial, costly technological burden on covered entities,” she says.
- State privacy regulations. “There may be additional new state privacy laws enacted,” Sotto says. Texas enacted privacy laws in September that are broader than HIPAA, she notes.
Listen to the interview here: HIPAA modifications: how to prepare