The cost of failure to comply with the HIPAA Security Rule has significantly increased during the past few years. This cost is not related solely to regulatory changes; it is also associated with data loss and corruption, legal risks, and damage to business image. Many healthcare organizations relegate disaster recovery planning and disaster preparedness to the back burner. This represents a regulatory compliance concern and a significant risk to organizations.
Q. In the April issue of BOH, one of the Q&As discussed who must send out breach notification letters if the business associate (BA) was responsible for the breach. The answer was covered entities. Didn’t HITECH make BAs covered entities?
The U.S. Department of Health and Human Services (HHS) proposed modifications to the HIPAA Privacy and Security Rules in July. In light of the changes, now might be a good time to make sure you and your colleagues understand those rules.