This is a quick reminder that the September 23 deadline for compliance with the new HIPAA regulations is rapidly approaching. Organizations that handle protected health information (PHI) need to be sure they are up to speed on the changes and ready to withstand scrutiny. In general, you will need new NPPs and BAAs (Notices of Privacy Practices and Business Associate Agreements).

We talked about the new HIPAA in an August blog post, and I recorded a webcast on the HIPAA changes that you can watch. Shortly after that HIPAA post went up, we got a nasty reminder of how badly things can go wrong when handling PHI. On August 26, Healthcare IT News reported that one of America’s largest healthcare providers, Advocate Health System, had begun notifying 4 million people that protected health information and Social Security numbers had been compromised after the theft of four unencrypted company computers. That’s a fairly stunning number of sensitive records, prompting the headline “Behemoth breach”. Clearly Advocate is facing millions of dollars in unexpected costs to remediate this, and you can bet OCR investigators will want to see where the organization documented its decision not to encrypt these records.

via HIPAA 9/23 compliance deadline looms as breaches continue – We Live Security.
