Planning for the upcoming year is a chance to review the main developments in Healthcare IT HPAA Compliance from 2016 that will affect providers, business associates, and patients. Priorities remain to uphold confidentiality, integrity, and availability of patient data, factoring in the latest proceedings in technological and regulatory environments:
– Adoption of cloud computing and data services by an increased percentage of practices, in order to reduce upfront cost and technical responsibilities required on their end. In acknowledgment HHS released HIPAA and cloud computing guidance for usage, calling attention to terms of Business Associate Agreements being more critical for anyone going with this approach.
– Expansion of telemedicine, including wearable devices, allowing doctors to monitor patients and collect data without being at the same location, offering more options and rapid response. To meet the rising demand FDA has posted updated digital health for medical devices guidelines, Their focus is to ensure these tools are secured with similar considerations to standard computing environments. Safeguards may not be as far along with the newer classes of device until more specialists have studied them in depth.
– Key regulations: 21st Century Cures Act covers a broad amount of areas in the medical field; much of the law’s focus in EHR involves investing in data exchange and ability to fast-track approval of new products. For many of the individual practices that fell under CMS Meaningful Use oversight, it is transitioning to a similar program with adjustments made to streamline certain aspects, MACRA, so these providers need to be familiar with the latest reforms.
– Data breach estimation; a report from HHS in February 2016 indicates over 113 million individuals had medical records breached to some degree up to this point, at this rate could be expected to reach half the USA before the end of 2017. Patients who believe they have been impacted may file a request with HHS Office for Civil Rights.
– Ransomware emerging as a top threat; with the black market for private medical files approaching saturation, stolen records are less valuable. As a result, many cyber criminals moved on to ransomware, which locks the contents of computers and/or networks unless they are paid their asking price. In one sense the financial cost of a ransom attack may be lower than the fines from high-profile breach settlements, provided adequate backups are in place. On the other hand paying the asking price cannot guarantee recovery of data, and direct breach may have also taken place at the same time. To help health care entities better understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new HIPAA guidance.
EHR 2.0 is continually updating services to reflect the latest trends and regulations. Our HIPAA Security and Compliance Assessments are revised immediately in the event of changing conditions. If anyone has question on how new factors will impact your practice or BA operations, you can also schedule HIPAA consulting, including to review policy documents and/or associate contracts, to ensure up-to-date with the latest requirements and best practices.