Monday, April 15, 2013

LTN on HIPAA Compliance for Law Firms

Law Technology News invited Kathryn Hume (who's been on the road, moderating the latest round of Risk Roundtable meetings) and Pat Archbold (risk practice group head) at IntApp to weigh in on HIPAA: "2013 HIPAA Omnibus Rules Increase Risks for Law Firms" --
  • "Important new rule changes to the Health Insurance Portability and Accountability Act of 1996 now force law firms that come into contact with protected health information to revisit internal policies and practices, and  enforce information security controls, protect confidential information, monitor workforce information access and track compliance."
  • "Certain provisions of the Omnibus Rule, such as restrictions upon the marketing and sale of PHI, are unlikely to affect law firms. There are, however, three key portions of the new rule for which law firms will be held directly liable and to which they should pay the most attention."
  • "To build compliance, law firms should revisit contractual agreements with covered entities and/or relevant subcontractors, educate lawyers and staff about the changes, and implement the information security policies and protocols required by the rules."
  • "One clear place to start is to implement the access control and auditing technical safeguards required by the Security Rule. HHS tends to focus investigations on compliance with the minimum necessary standard, so firms should take steps to minimize possible disclosure within their firm systems. Still, compliance efforts may require a cultural adjustment in many firm environments, where lawyers and staff are often granted open access to client information to promote collaboration and knowledge management."
  • "With the right access control security technology, however, firms can minimize the cultural impact of achieving compliance. Software that automates access control rights based upon business rules and regulatory needs can reduce the investment required to address culture shock and frustrations. Coupled with a directed effort to promote firmwide awareness of the changes, a reliable and intelligent access control tool is a solid step towards achieving full compliance."
For more information about how the new Omnibus rule impacts law firms and steps firms are taking achieve compliance featuring presentations from Hunton & Williams and industry security experts: http://j.mp/lfrHIPAA.

No comments:

Post a Comment