New HIPAA Rules

The New HIPAA Rules and the Changes for Reporting Breaches of PHI

Although the new HIPAA rules introduced in the Final Omnibus Rule of 2013 did not make many changes to the existing Security and Privacy Rules, they did have significant implications for covered entities that have failed to take measures to prevent the unauthorized disclosure of Protected Health Information (PHI).

Whereas previously, covered entities could avoid reporting breaches of PHI when there was a low risk of harm to a patient's reputation or finances, the new HIPAA rules stipulate that all breaches of PHI must now be reported to the Office for Civil Rights (OCR) unless a documented procedure is completed that justifies the failure to report the breach.

The documented procedure has to demonstrate that there was a low risk of harm to the patient due to the nature of the PHI that was disclosed or due to the person(s) to whom it was disclosed. If multiple identifying elements have been disclosed, or the person to whom it was disclosed is unknown, HIPAA covered entities must report the breach to the OCR – unless it can be proven that the breach of PHI did not result in an unauthorized disclosure, or the risk of harm to a patient was mitigated by the destruction of the disclosed PHI.

In addition to these revised criteria for reporting breaches of PHI to the OCR, the new HIPAA rules increased the fines for non-compliance with the Security and Privacy Rules – the additional revenue being allocated to tougher enforcement of HIPAA. Shortly following the release of the new HIPAA rules, it was announced that the OCR would be conducting a round of audits – a worrying concern for any covered entity that has still failed to take measures to prevent the unauthorized disclosure of PHI.

How to Avoid Data Breaches with Secure Messaging

Rather than finding ways to avoid reporting data breaches to the OCR, it is in a covered entity's best interests to avoid data breaches altogether. Studies conducted into the primary reasons for the unauthorized disclosure of PHI report that the theft of laptops, mobile devices and USB Flash drives accounts for nearly half of all PHI breaches. Therefore, these risks of harm to a patient's reputation or finances should be the first to be eliminated.

One of the best solutions for achieving this objective is secure messaging – a communications platform that protects the integrity of PHI and prevents the unauthorized disclosure of Protected Health Information by encapsulating PHI within a private network. Secure messaging is an ideal and HIPAA-compliant alternative to emails and SMS, as safeguards exist to prevent PHI being saved to a user's device or a USB Flash drive.

Secure messaging also restricts access to PHI to authorized users, who can then communicate encrypted PHI with other authorized users via secure messaging apps. The secure messaging apps work across all operating systems and devices so that authorized users retain the same speed and convenience of modern technology as they currently enjoy using personal mobile devices to support their workloads.

All activity on the secure messaging network is monitored to ensure compliance with the new HIPAA rules and the secure messaging policies that have been implemented to support them. In the event that a laptop or smartphone – to which a message containing PHI has been sent – is stolen, administrators have the ability to remotely delete all Protected Health Information and PIN-lock the app to prevent the unauthorized disclosure of PHI.

The Comprehensive Benefits of Secure Messaging

The mechanisms included in secure messaging solutions to ensure 100% message accountability have resulted in a significant acceleration of the communications cycle in healthcare organizations. Phone tag has been practically eliminated in many healthcare organizations that have implemented a secure messaging solution to comply with the new HIPAA rules – resulting in increased productivity among healthcare providers.

The group messaging facility on the secure messaging apps has been proven to foster collaboration between healthcare providers, and also to accelerate patient admissions and hospital discharges – saving many medical facilities more than $500,000 per year. Studies into the cost of operating a secure messaging solution have also found secure messaging up to 40% less expensive than alternative, unsecure channels of communication.

As well as reducing costs, increasing staff efficiency and helping healthcare organizations to comply with the new HIPAA rules, secure messaging solutions have also been beneficial to patients. According to a 2015 study by the Tepper School of Business at Carnegie Mellon University, patient safety issues are reduced by 27% and medication errors reduced by 30% when a secure messaging solution is integrated with a healthcare organization's EMRs.

To find out more about these benefits and for details about how secure messaging works, you are invited to download and read our “HIPAA Compliance Guide” – a comprehensive white paper compiled since the new HIPAA rules were enacted that elaborates on the criteria for reporting a breach of PHI to the OCR and the circumstances in which it is not necessary.