Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

HIPAA Compliance Must Be Updated As Technology Evolves

The HIPAA Security Rule was enacted in 2003. Since then, there have been two major changes to the Rule, first in 2009 with the HITECH Act and most recently in 2013 with the Omnibus Ruling. But, with the pace technology moves, HIPAA has had a hard time keeping up with the changing times. Since HIPAA was proposed in 1998, there have been many significant technology revolutions that have dramatically changed the way we socialize and do business. Here are just a few:

1995 – AOL.com launches
1998 – Google founded
2004 – Facebook founded
2005 – YouTube launched
2007 – First iPhone released
2009 – Cloud computing gains traction
2010 – Healthcare providers begin storing health records electronically

Even though the HIPAA Rules may not address the changing landscape of technology, it does give you a great framework to help your company navigate these uncharted waters.

How do you stay ahead of it all?

According to Tom Walsh, in his December 25, 2015 interview with Marianne Kolbasuk McGee for Healthcareinfosecurity.com 1, the three most important things HIPAA requires you to do are:

  1. Conduct a Risk Assessment
  2. Document your findings
  3. Work Your Plan

Your Risk Assessment is the first and most important step. This helps you identify any holes in your security plan. HIPAA requires this, and it is the first document HHS will ask for if you’re being audited.

Once you have your Risk Assessment, you must document your Policies and Procedures — both Privacy and Security. This is how you tell your employees how they should protect PHI in your company. If you don’t have a written plan, you don’t have a plan.

No plan is perfect out of the box. Your plan will continue to evolve as you hire new employees, adopt new technologies, and expand into new business ventures. You may find a specific procedure sounded great in theory, but when implemented, it just doesn’t work. That’s OK; be sure to document the changes! The key is to listen to feedback from employees, and be flexible as long as any changes aren’t compromising your Security!

To learn more about creating a compliance plan that meets your needs, checkout our Solutions today!

1. McGee, Marianne Kolbasuk. “Why the HIPAA Security Rule Needs Updating.” Gov Info Security. 21 Dec. 2015. Web. http://www.govinfosecurity.com/interviews/the-hipaa-security-rule-needs-updating-i-3021.

Sharing is caring!

Documents

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!

Document

Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)