Ron Breaux in Law360: New HIPAA Tool Means No More Excuses For Lax Security


A digital tool recently released by federal regulators will make compliance with data-security provisions of the Health Insurance Portability and Accountability Act far easier for smaller businesses, but that helping hand will also remove any excuse for flouting obligations and make scofflaw corporations even more vulnerable to big penalties, experts say.

The software developed by the Office of Civil Rights at the U.S. Department of Health and Human Services is geared toward modestly sized providers, insurers and clearinghouses, as well as their business associates, that often lack the expertise to perform HIPAA's mandatory assessment of risks to the confidentiality of electronic health information in their possession.

As one indication of how daunting that assessment can be, even the digital tool — intended as a simplified way to account for risks — asks more than 150 questions about company practices and when printed out includes various considerations that span almost 400 pages...

It's also an expensive thing, so the tool should be a welcome relief for companies that would see spending thousands of dollars on third-party advice as a major expense.

"It could be very valuable, because they could save the cost of hiring an outside party," Haynes and Boone, LLP Partner Ronald W. Breaux said.

Excerpted from Law360, April 8, 2014. To view full article, click here (subscription required).


Email Disclaimer