Friday, February 1, 2013

New HIPAA Rule - what, how and when?



    I spent some time collating a lot of expert opinions and, adding my own experience and thoughts to them, carved out the article and whitepaper below so that you can get everything in one place.
    The final HIPAA rule on Privacy, Security, Breach Notification and Enforcement was finally released on January 25, 2013. The final rule will further strengthen the government's capability to enforce the law and protect patients' privacy by safeguarding their personal information. Let us go back and understand the history of HIPAA and the reason for its existence before we dive deeper into the details of this latest rule.
HIPAA is an acronym for the Health Insurance Portability and Accountability Act. The act was introduced in 1996 in the United States of America to bring changes to healthcare delivery, transaction, and administrative information systems.
The rise of tablets and smartphones has underscored the need for stringent regulations and laws to ensure the security of information and better healthcare delivery. The healthcare industry has been among the most supportive in adopting mobility, and in turn mobility has helped the healthcare industry toward its ultimate goal of providing better healthcare services. As a result, many patient-centric and provider-centric applications and software solutions have been developed and deployed in the recent past. The common challenge for all such applications and solutions has been to deliver information securely.
According to an article in MobiHealthNews, over 10,000 mobile healthcare applications are used to access electronic health records (EHRs) daily, but the Office for Civil Rights has reported a dramatic increase in the incidence of data loss or leakage through mobile devices, with more than half of the incidents attributed to tablets alone. These breaches may have left the personal records of 1.9 million patients at risk. Healthcare became one of the most breached industries in 2011, and medical records were involved in the three worst data breaches of that year.
Keeping this in mind, the recent regulatory changes to the Health Insurance Portability and Accountability Act (HIPAA) have been made stringent. For example, to safeguard the use of mobile devices among healthcare providers, the new HIPAA regulations insist that all patient data be encrypted at all times: during transmission, at any time data resides on wireless devices, and even while it is stored within applications. In addition to greater liability and an increased chance of reputational damage, IT professionals and solution providers will face the threat of severe governmental fines and other consequences!
On January 25, 2013, the Department of Health and Human Services issued the long-awaited revisions to the HIPAA rules, making a number of changes to the current HIPAA privacy, security, breach notification and enforcement requirements.
The most fascinating and encouraging change in the new amendment is that the default mechanism for sharing PHI (Protected Health Information) with its owner is now through electronic channels. This change should drive more adoption of sharing information with patients through electronic media such as a mobile application, email, or a digital report distributed over a secure channel. The major provisions in the new rule cover Hefty Penalties, Breach Notification, Expansion of Covered Entities, and PHI Distribution.
Endeavour has published a whitepaper covering in detail the changes in the new HIPAA rule, their impact on mobile solutions, and the best practices a healthcare-focused mobile app developer should consider when developing solutions for the healthcare domain. For more details, download this whitepaper for free and make sure you are developing applications that are HIPAA compliant.
Note: The new rule analysis, best practices, and recommendations are based on my experience with Endeavour working on mHealth solutions and on healthcare IT experts' thoughts. I am thankful to all those experts and colleagues whose thoughts and published work I have referred to in this article and whitepaper.

1 comment:

  1. Just came across this link - http://mobihealthnews.com/20440/how-hipaa-hampers-text-messages-for-health/

    I think this is not new in light of the new rules but has been there for long. People have been following this practice of de-identifying the individual details and sending the texts. It's a creative way of conveying things to a targeted audience without having PHI specifics in it. If you know the message sender is your provider or his/her office and it has a keyword related to your PHI, that's good enough for a patient to return a call! Text messages by nature are meant to convey things in a shorter and more precise way. As a solution provider, we must have means to allow users to achieve exactly this!