Articles Tagged with HIPAA

If your business provides services to healthcare providers or health insurance companies, your business may have data privacy and security requirements under a federal law called “HIPAA” (the Health Insurance Portability and Accountability Act). If your business offers an online service or application, the first time you may have heard of HIPAA is when your potential customer asks you to sign a “business associate agreement.” Even if you don’t sign a business associate agreement, you may have compliance obligations under HIPAA. And if you fail to comply with HIPAA, you may face penalties and liabilities for violations.

Health records are among the most sensitive sets of information about us. The results of an unauthorized disclosure of health records could be devastating. Leakage of health records could lead to victims’ embarrassment, stigma, job loss, and even identity theft. Following concerns about the privacy and security of health records in the 1990s, the public began to demand protection to ensure that the healthcare industry would implement controls over what information was gathered from patients, how the information could be shared, and the secure management of that information. When Congress overhauled the healthcare laws and called for greater use of electronic transactions, Congress was aware of the need for protections over the privacy and security of health information.

The need for simplifying the administration of healthcare, coupled with a public concern over privacy and security, prompted Congress to include requirements for privacy and security in landmark healthcare legislation enacted in 1996. The 1996 legislation, called the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”),[1] has had a broad impact on the healthcare industry since its enactment, transforming practices for creating, storing, managing, transmitting, and disclosing health information in the United States. Later, Congress passed the Health Information Technology for Economic and Clinical Health Act, also called the “HITECH Act.”[2]

Silicon Valley Law Group is pleased to announce the publication of Attorney Stephen S. Wu’s new book: “A Guide to HIPAA Security and the Law – Second Edition.” The American Bar Association published his book last month. The book provides detailed information about healthcare information technology security legal requirements and how covered entities and business associates can comply with them.

Also, please join us for a special Meetup presentation, in which Steve Wu will share his thoughts on an important topic covered in one of his book’s chapters: the impact of emerging technologies on HIPAA security compliance. The program is on September 28, 2016 at 10:00 a.m. Pacific Time at SVLG’s offices. A dial-in is available for those unable to attend in person.

The Department of Health and Human Services issued the HIPAA Security Rule in 2003 to impose information technology security requirements on HIPAA covered entities: healthcare providers, health plans, and healthcare clearinghouses. Later legislation and regulation also imposed HIPAA security requirements on various “business associates” of these covered entities. Despite some changes in coverage and the breach notification rule, the core HIPAA security requirements have remained unchanged since 2003. Nonetheless, technology trends such as cloud computing, social media, and mobile computing required applying the existing rules to new technologies. Moreover, we are now facing dramatic and sweeping changes with augmented and virtual reality systems, Big Data, 3D printing, healthtech, the Internet of Things, robots, and artificial intelligence systems.