HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

HIPAA Compliance Regulations


The latest version of the HIPAA compliance regulations was enacted in the Final Omnibus Rule of 2013. It extends the rights of patients under the HIPAA Privacy Rule, makes business associates directly liable for compliance, and applies the administrative, physical and technical safeguards of the HIPAA Security Rule to them as well as to covered entities.

The HIPAA compliance regulations reflect changes in working practices and technological advances over the past few years. Many more medical professionals are supporting their workflows by using their personal mobile devices. The misuse, theft or loss of mobile devices is estimated to result in thousands of security breaches every year. The latest HIPAA compliance regulations are intended to prevent these breaches.

Compliance with the HIPAA Privacy Rule

In addition to extending the HIPAA compliance regulations to business associates, other changes to the HIPAA Privacy Rule introduce new guidelines for the conditions under which Protected Health Information (PHI) may be disclosed to anybody other than the patient.

In practice this is the "minimum necessary" standard: only the minimum "individually identifiable health information" needed for the purpose should be disclosed without patient authorization, whether the disclosure is made face-to-face or via electronic media. The Rule also gives patients certain rights over their health information, including the right to examine and obtain a copy of their health records and to request corrections.


Key Compliance Issues within the HIPAA Security Rule

The HIPAA compliance regulations within the HIPAA Security Rule create a number of issues for healthcare organizations and other HIPAA covered entities. The key issues revolve around the encryption of PHI at rest and in transit, identity authentication and message accountability, and safeguarding against the unauthorized disclosure of PHI.

Encryption is given such a high profile because copies of unencrypted SMS messages and emails can remain on service providers' servers indefinitely, outside the covered entity's control, where they can be read by any third party with access to those servers. Identity authentication and message accountability are necessary to make sure that only authorized personnel receive messages containing PHI, and that each message can be traced to the person who sent it, while further mechanisms must be put in place to prevent the unauthorized disclosure of PHI.

How Secure Messaging Helps Resolve the Key Compliance Issues

Secure messaging works by creating an encapsulated network for authorized personnel within a healthcare organization. Authorized personnel access the network via secure messaging apps that can be downloaded onto any desktop computer or mobile device, but the app will not connect to the network until the user presents a centrally issued username and PIN.

Thereafter, authorized personnel can communicate PHI with the convenience and speed that mobile technology provides. Safeguards exist to prevent PHI from being transmitted beyond the healthcare organization's network, copied and pasted, or saved to an external hard drive. An automatic log-off function also prevents unauthorized access to PHI when a desktop computer or mobile device is left unattended.

In the event that a mobile device is misused, stolen or lost, administrators can PIN-lock the app and remotely wipe all communications from it. Administrators also receive activity reports in order to ensure adherence to the HIPAA compliance regulations and message accountability. These activity reports also assist administrators with the preparation of risk assessments – another vital element of the HIPAA compliance regulations.
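The controls described in the three paragraphs above (centrally issued credentials, automatic log-off, remote wipe, and an activity log that feeds accountability reports) as a small Python model. This is an added illustration, not code from HIPAA Journal or from any secure messaging vendor; the class and method names, the 300-second idle window, the PBKDF2 work factor, and the sample usernames, devices and message text are all assumptions made for the example.

```python
"""Toy model of secure-messaging compliance controls (hypothetical example)."""
import hashlib
import hmac
import secrets
import time
from typing import Optional

IDLE_TIMEOUT = 300        # seconds of inactivity before automatic log-off (assumed policy value)
PBKDF2_ROUNDS = 200_000   # work factor for PIN hashing (assumed)


class SecureMessaging:
    def __init__(self) -> None:
        self.users = {}      # username -> (salt, pin_hash); accounts are issued centrally
        self.sessions = {}   # token -> {"user", "device", "last_seen"}
        self.devices = {}    # device_id -> {"user", "inbox", "wiped"}
        self.audit = []      # append-only activity log used for accountability reports

    def _log(self, event: str, **fields) -> None:
        self.audit.append({"ts": time.time(), "event": event, **fields})

    def enroll(self, username: str, pin: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
        self.users[username] = (salt, digest)
        self._log("enroll", user=username)

    def login(self, username: str, pin: str, device_id: str, now: float) -> Optional[str]:
        record = self.users.get(username)
        # Hash even for unknown users so response time does not reveal which accounts exist.
        salt, stored = record if record else (b"\0" * 16, b"\0" * 32)
        candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)
        if record is None or not hmac.compare_digest(candidate, stored):
            self._log("login_failed", user=username, device=device_id)
            return None
        dev = self.devices.setdefault(device_id, {"user": username, "inbox": [], "wiped": False})
        if dev["wiped"]:
            # A device that was reported lost stays locked out until an administrator re-enables it.
            self._log("login_blocked_wiped_device", user=username, device=device_id)
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = {"user": username, "device": device_id, "last_seen": now}
        self._log("login", user=username, device=device_id)
        return token

    def _session(self, token: str, now: float) -> Optional[dict]:
        s = self.sessions.get(token)
        if s is None:
            return None
        if now - s["last_seen"] > IDLE_TIMEOUT:
            # Automatic log-off: an unattended device loses access without any user action.
            del self.sessions[token]
            self._log("auto_logoff", user=s["user"], device=s["device"])
            return None
        s["last_seen"] = now
        return s

    def send(self, token: str, recipient: str, text: str, now: float) -> bool:
        s = self._session(token, now)
        if s is None or recipient not in self.users:
            self._log("send_rejected", recipient=recipient)
            return False
        # Delivery only to enrolled users' active devices: PHI never leaves the network.
        for dev in self.devices.values():
            if dev["user"] == recipient and not dev["wiped"]:
                dev["inbox"].append({"from": s["user"], "text": text})
        self._log("send", user=s["user"], to=recipient, device=s["device"])
        return True

    def remote_wipe(self, device_id: str) -> int:
        dev = self.devices.get(device_id)
        if dev is None:
            return 0
        removed = len(dev["inbox"])
        dev["inbox"].clear()
        dev["wiped"] = True
        # Kill every session bound to the device so the app is locked as well as emptied.
        for tok in [t for t, s in self.sessions.items() if s["device"] == device_id]:
            del self.sessions[tok]
        self._log("remote_wipe", device=device_id, messages_removed=removed)
        return removed

    def activity_report(self) -> dict:
        counts = {}
        for entry in self.audit:
            counts[entry["event"]] = counts.get(entry["event"], 0) + 1
        return counts


def demo() -> dict:
    """Walk the controls with constructed data: a wrong PIN, a stale session, a lost phone."""
    svc = SecureMessaging()
    svc.enroll("dr.smith", "4821")
    svc.enroll("nurse.jones", "7730")
    t0 = 1_700_000_000.0
    bad = svc.login("dr.smith", "0000", "phone-1", t0)            # wrong PIN is refused
    tok_doc = svc.login("dr.smith", "4821", "phone-1", t0)
    tok_nurse = svc.login("nurse.jones", "7730", "phone-2", t0)
    sent = svc.send(tok_doc, "nurse.jones", "Pt 4B: adjust insulin to 8 units", t0 + 10)
    inbox_before = len(svc.devices["phone-2"]["inbox"])
    stale = svc.send(tok_nurse, "dr.smith", "ack", t0 + 10 + IDLE_TIMEOUT + 1)  # auto log-off
    wiped = svc.remote_wipe("phone-2")                             # phone-2 reported lost
    relogin = svc.login("nurse.jones", "7730", "phone-2", t0 + 400)
    return {
        "wrong_pin_rejected": bad is None,
        "sent": sent,
        "inbox_before": inbox_before,
        "stale_session_rejected": not stale,
        "wiped": wiped,
        "inbox_after": len(svc.devices["phone-2"]["inbox"]),
        "relogin_blocked": relogin is None,
        "report": svc.activity_report(),
    }


if __name__ == "__main__":
    print(demo())
```

The activity report is the piece an administrator would hand to whoever prepares the risk assessment: every failed login, automatic log-off and wipe is a line in the same log as the successful sends, so each message can be tied back to an authenticated user and device.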

The Cost-Effective Benefits of Secure Messaging

Secure messaging not only helps healthcare organizations adhere to the HIPAA compliance regulations, it can also be a cost-effective way of accelerating the communications cycle. The features that ensure message accountability also eliminate phone tag, estimated to waste 45 minutes of a medical professional's time each day, while a group messaging function fosters collaboration and accelerates hospital admissions and patient discharges.

The cost of secure messaging is much less than other mechanisms that could be used to adhere to the HIPAA compliance regulations. A survey conducted by HIMSS Analytics concluded that secure messaging solutions were more than 40% less expensive to maintain than pager systems – not taking into account the cost of providing pagers capable of encrypting messages to all authorized personnel.

A benefit of secure messaging which is indirectly cost-effective was identified by the Tepper School of Business at Carnegie Mellon University in a study entitled "Saving Private Ryan". The researchers found that, when secure messaging solutions were integrated with EMRs, patient safety issues fell by 27% and medication errors decreased by 30%.
