Updated 2025: Looking for a Business Associate Agreement? Download our FREE template

TotalHIPAA Logo

HIPAA Compliance Must Be Updated As Technology Evolves

Summary:

The HIPAA Security Rule was enacted in 2003. Since then, there have been two major changes to the Rule, first in 2009 with the HITECH Act and most recently in 2013 with the Omnibus Ruling. But, with the pace technology moves, HIPAA has had a hard time keeping up with the changing times. Since HIPAA […]

The HIPAA Security Rule was enacted in 2003. Since then, there have been two major changes to the Rule, first in 2009 with the HITECH Act and most recently in 2013 with the Omnibus Ruling. But, with the pace technology moves, HIPAA has had a hard time keeping up with the changing times. Since HIPAA was proposed in 1998, there have been many significant technology revolutions that have dramatically changed the way we socialize and do business. Here are just a few:

1995 – AOL.com launches
1998 – Google founded
2004 – Facebook founded
2005 – YouTube launched
2007 – First iPhone released
2009 – Cloud computing gains traction
2010 – Healthcare providers begin storing health records electronically

Even though the HIPAA Rules may not address the changing landscape of technology, it does give you a great framework to help your company navigate these uncharted waters.

How do you stay ahead of it all?

According to Tom Walsh, in his December 25, 2015 interview with Marianne Kolbasuk McGee for Healthcareinfosecurity.com 1, the three most important things HIPAA requires you to do are:

  1. Conduct a Risk Assessment
  2. Document your findings
  3. Work Your Plan

Your Risk Assessment is the first and most important step. This helps you identify any holes in your security plan. HIPAA requires this, and it is the first document HHS will ask for if you’re being audited.

Once you have your Risk Assessment, you must document your Policies and Procedures — both Privacy and Security. This is how you tell your employees how they should protect PHI in your company. If you don’t have a written plan, you don’t have a plan.

No plan is perfect out of the box. Your plan will continue to evolve as you hire new employees, adopt new technologies, and expand into new business ventures. You may find a specific procedure sounded great in theory, but when implemented, it just doesn’t work. That’s OK; be sure to document the changes! The key is to listen to feedback from employees, and be flexible as long as any changes aren’t compromising your Security!

To learn more about creating a compliance plan that meets your needs, checkout our Solutions today!

1. McGee, Marianne Kolbasuk. “Why the HIPAA Security Rule Needs Updating.” Gov Info Security. 21 Dec. 2015. Web. http://www.govinfosecurity.com/interviews/the-hipaa-security-rule-needs-updating-i-3021.

Sharing is caring!

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

Related Posts

How to Maintain HIPAA Compliance in Public Cloud Environments

How to Maintain HIPAA Compliance in Public Cloud Environments

Storing ePHI in the public cloud offers scalability but requires a strict “Shared Responsibility” approach. To remain HIPAA compliant, organizations must go beyond basic Business Associate Agreements (BAAs). The implementation of AES-256 encryption, multi-factor authentication (MFA), and microsegmentation are now required. This guide outlines the essential steps to securing your cloud infrastructure while meeting the latest HHS and OCR standards.

How to Stay HIPAA Compliant with Audit Logs

How to Stay HIPAA Compliant with Audit Logs

HIPAA audit logs are a mandatory technical safeguard under the HIPAA Security Rule, designed to track and record system activity across your network. To ensure complete compliance, organizations must actively maintain and routinely review these logs to detect unauthorized access to electronic protected health information (ePHI). This guide covers federal hipaa audit log requirements, the essential six-year hipaa audit log retention rules, best practices for tracking digital and physical data access, and how utilizing a structured hipaa audit log template protects your organization from catastrophic data breaches and costly federal penalties.

Is Gmail HIPAA Compliant Email? – Well, It Can Be!

Is Gmail HIPAA Compliant Email? – Well, It Can Be!

To use Google Workspace with Protected Health Information (PHI), you must enter into a Business Associate Agreement (BAA) with Google. However, a signed BAA is only the first step. To satisfy the Office for Civil Rights (OCR) modernized Security Rule standards, Covered Entities must properly configure their email settings, utilize end-to-end encryption, and account for new tech, like integrated AI. This guide covers how to secure your Gmail account and the critical configuration steps required to maintain compliance.

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)