We've covered the new HIPAA rules for some time, including a note a few weeks ago about one firm trumpeting its compliance leadership position in this space. New updates: "2016 HIPAA Audits to Begin: Are you Confident in Your HIPAA Compliance?" --
- "Beginning early this year, the Office of Civil Rights (“OCR”) within the Department of Health and Human Services (“HHS”) will begin performing random desk and on-site audits of not only covered entities (e.g., physicians, hospitals, laboratories, etc.) but also of business associates (e.g., persons or organizations that perform functions on behalf of covered entities, such as data hosting companies, law firms, etc.). These audits are expected to focus on areas of noncompliance that OCR has witnessed in its previous audits and enforcement actions, such as risk analyses and use of encryption technology."
- "A large percentage of law firms appear to have insufficient security measures in place to ensure compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a recent survey reveals. According to the Legal Workspace survey, only 13 percent of the 240 law firms questioned have relevant technology and processes to conform with HIPAA compliance."
- "'The lack of HIPAA compliance is glaring and troublesome, but the bigger picture concern is the absence of a heightened level of cybersecurity,' Joe Kelly, founder and CEO of Legal Workspace, told Legaltech News. 'For an industry that is traditionally hyper-concerned with protecting client information, legal is clearly not keeping up with business standards regarding technology and security. Law firms are now walking targets for hackers, known for being the weak links for access to sensitive information from Social Security numbers to closing papers to information on acquisitions... If you own a law firm and think you are complying with HIPAA, I would urge you to re-examine your technology and cyber-security protocols. You may be surprised at the results.'"
- "Legal Workspace also pointed out that under HIPAA and other laws, attorneys are considered business associates if they handle any work that involves “protected health information” for covered entities under HIPAA. Protected health information includes medical history or records, laboratory results and insurance information. The designation of business associate carries certain obligations and compliance measures. There are penalties when standards are not met."