After the Omnibus Rule – Who Can Touch Your EPHI
Using a 3rd Party Vendor to Outsource Your ePHI
The HIPAA Omnibus Rule, which was released in January 2013, has dramatically raised the stakes for businesses to ensure the privacy and security of Protected Health Information (PHI). It has increased liability and clarified the responsibilities of Covered Entities, Business Associates and their agents, with specific emphasis on the role of IT vendors; it has instituted a tiered structure and higher civil monetary penalties for violations introduced by Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009; and it has changed the risk assessment criteria for determining notification requirements due to a breach of unsecured PHI.
Now, more than ever, it is important for Covered Entities to seek out relationships with 3rd party vendors – particularly IT vendors – who both understand the law as outlined by HIPAA and HITECH and are making a conscientious effort to achieve compliance under these stringent guidelines. The result if not could mean serious legal, financial and reputational harm for a business.
In this live recorded presentation for the Austin Chapter of the Healthcare Information and Management Systems Society (HIMSS), OnRamp Founder Chad Kissinger describes the evolution of HIPAA enforcement and how the changes that were brought on by the HIPAA Omnibus Rule will impact your IT decision-making.
Are you considering the possibility of outsourcing all or a portion of your IT infrastructure which supports the storage, transmission, and/or alteration of electronic protected health information? Watch this video to find out how HIPAA has evolved to protect such sensitive information and how it should influence your choice in forming a partnership to leverage colocation, managed hosting, cloud computing, and other hosting technologies or services.
Should you have any questions, please contact us at 888-667-2660.
HIMSS slide presentation with audio