Concerns for HIPAA in 2015

HIPAA Compliance is quickly becoming a hot-button issue among covered entities and their business associates as deadlines loom and penalties abound. Knowing the hurdles coming down the pipeline can help you stay a step ahead in your compliance efforts. According to a recent survey, over 54% of the organizations who are compelled to abide by HIPAA rules and regulations state that HIPAA security and compliance is the top issue within their companies. Here are a few additional concerns that may pose problems in 2015:

  • Business Associate Agreements (BAA)

Business Associate Agreements are destined to become more detailed and intricate as rules and security controls continue to change. These agreements may start to include limitations on the disclosure or use of PHI outside of the country and on cloud servers, security-related incidents that do not require notification per-incident, and identification of the ones that do. This holds many implications for BAAs moving forward, as they may become viewed as risky business deals.

  • Increased complaints and investigations

As security breaches continue to plague the industry, concerns continue to grow from patients and individuals about the protection of their PHI and medical records. The OCR online complaint system has increased their budget by $2 million to handle the steadily increasing influx of calls. Every call has to be investigated, which has now imposed a need for additional manpower to handle the investigations, audits and enforcement of violations.

  • Avoidance of PHI

As more covered entities and business associates are found to be in violation of HIPAA laws and regulations, those entities and business associates who do not need PHI to conduct business will avoid these types of transactions. Additionally, business associates will review their agreements to determine whether or not it would be advantageous to continue to do business with the covered entity in the future. New regulations will force entities to inform anyone who uses the entity that their information will not be HIPAA protected. These warnings will grow over time to be found on applications, websites, terms of use, in letters and any other correspondence.

The use of data electronically continues to grow and dominate the way covered entities and business associates do business, but new regulations and compliance efforts, in their attempt to make sure all PHI is protected under the law, pose great problems for covered entities and their business associates, especially if they do not have adequate protocols in place to handle compliance efforts.

Some of the main factors promoting these concerns are:

  • The use of certain equipment to conduct business.

Some businesses utilize online fax software (widely used) to transmit digital files and other sensitive information, which could pose significant problems if used without the proper protocols and documentation in place.

  • Security

Although using an online fax is effective for many entities and may offer an additional layer of protection in compliance efforts, the liability is huge if the servers transmitting the information are compromised in any way.

  • Document challenges

Covered entities have experienced an increase in paperwork with the number of individuals who now have insurance continues to grow. Document management, accurate record keeping and organization is a huge factor.

Making sure all of these concerns are addressed in your own compliance efforts will help maintain consistency and reliability within your risk management plans.