HIPAA’s Final Rule

A few weeks ago, the United States Department of Health and Human Services (HHS) finalized a major update to the Health Insurance Portability and Accountability Act (HIPAA). The HIPAA Final Omnibus Rule – more simply, the Final Rule – is the most significant rewrite of the body of regulations since it was first enacted in 1996. The final rules tightens up the privacy protections on the private healthcare information (PHI) of consumers, requires companies that touch PHI to tighten up their security and breach reporting, puts a much greater universe of provider partners and their subcontractors squarely in its regulatory sights, and gives HIPAA a much bigger stick for enforcement in the form of the power to levy big civil and criminal penalties on violators.

HfS Research took a look these changes with an eye to identifying their impact on enterprise buyers, healthcare providers, and outsourcing industry players (BPO, ITO and cloud services providers) involved in the US healthcare industry. There’s good news and bad news in there, depending on your place in the healthcare supply chain. With any luck, your security, risk management, compliance, sourcing, and IT teams have been following the proposed changes and are poised to act now that they have been finalized. Whatever your readiness, this RapidInsight highlights the most important changes and what you have to do to address them in time for the federal compliance deadline of September 23, 2013.