Health Care Providers Face Stiff Data Security Rules

March 11, 2013 – In The News
Business Insurance

Smaller health care providers, as well as many of the firms that work with all health care providers, are struggling to comply with federal data security rules that take effect soon. Even larger health care providers would do well to examine their contracts with the firms with which they deal, to be sure their contracts include proper indemnification and other safeguards.

In January, the Department of Health and Human Services Office of Civil Rights issued a final rule modifying the Health Insurance Portability and Accountability Act’s privacy, security enforcement and breach notification rules under the Health Information Technology for Economic and Clinical Health Act. This is often referred to as the HIPAA omnibus final rule.

The rule becomes effective March 26 and final compliance is required by Sept. 23.

The old standard has been criticized for being comparable to “letting foxes guard the hen house,” said William H. Maruca, a partner with the law firm Fox Rothschild in Pittsburgh. The new standard “is supposed to be more objective,” and while not totally so, tends to move in that direction, he said.