90 days. That’s all the time healthcare organizations have between now and the September 23 HIPAA Omnibus compliance date. Understandably, most healthcare compliance officers are focusing on the significant changes spelled out in the regulations: obtaining business associate agreements, updating notices of privacy practices, and training staff members on the changes to the law. While healthcare facility managers must make sure that these listed requirements are met, they should also be concentrating on how the newest wrinkle in HIPAA will drastically affect their organizations in years to come. This, of course, is the new definition of “breach.”
Before the Omnibus, compliance officers faced with a PHI security incident had a relatively straightforward question to ask themselves when performing the risk assessment that determined whether the incident rose to the level of a data breach. If the incident was unlikely to cause major financial or reputational harm to the patient whose data had been compromised, HIPAA said that no breach had occurred. No breach, no breach notification measures necessary.
Sensing a level of abuse here, HHS greatly departed from the old standard by issuing a new breach definition in the Omnibus. Now, facilities faced with a security incident must assume it is a breach unless, through a risk assessment, it can be shown that there is a “low probability that the PHI has been compromised.” In effect, HHS changed the rebuttable presumption from no breach to breach. Think guilty until proven innocent.
This new definition goes into effect in September. It also means that if you are a healthcare facility currently allowing providers to exchange PHI through unsecured channels, each and every such transmission will be presumed a HIPAA breach unless you can prove otherwise. Think about that for a minute. Given that the average provider uses more than five mobile devices, a simple bar napkin calculation will show that most facilities are about to be subject to a tidal wave of potential risk. If you haven’t addressed your mobile risks yet, you should do so immediately – because the stakes are about to get much higher.
Krishna Kurapati is the Founder and CEO of QliqSOFT. He has more than two decades of technology entrepreneurship experience. Kurapati started QliqSOFT with the strong desire to solve clinical collaboration and workflow challenges using artificial intelligence (AI)-powered digital technologies across the U.S. healthcare system.