Health Information Compliance Alert

Published on Thu Mar 14, 2019 PDF

There’s no denying that cyber attacks have impacted the healthcare industry. One health IT organization thinks that HIPAA does not do enough to protect patients.

“Healthcare is deemed a critical infrastructure by the Department of Homeland Security (DHS) and as such, patient safety and patient data should be viewed as a public good; protecting those things should be a national priority,” said the College of Healthcare Information Management Executives (CHIME) in a March 1 letter to Senator Lamar Alexander, chairman of the U.S. Senate Committee on Health, Education, Labor, and Pensions. The industry group acknowledges that health IT has made delivering care more efficient and informed, but that “as patient health data becomes digital and more fluid, we must ensure the implementation of stringent privacy and security standards.”

CHIME offers many recommendations for HHS and its subsidiaries to strengthen measures and go beyond HIPAA audits. Suggestions include:

• HHS Office for Civil Rights (OCR) giving better »»provider guidance on how to safeguard protected health information (PHI).
• Federal measures to decrease the burdens of »combating cyber attacks.
• Revise the HITECH Act.
• Encourage providers to put their money into »defending their practices from threats instead of focusing on HIPAA compliance.

“Providers must be able to maximize protections allowed under business associates agreements [BAAs] by redistributing responsibility for security more evenly among covered entities and their business associates [BAs],” advised the CHIME letter.

Read the CHIME letter to the U.S. Senate at https://chimecentral.org/wp-content/uploads/2019/03/CHIME-Response-to-HELP-on-Health-CostsvFINAL.pdf.