It might seem easy to list which entities are required to comply with the Health Insurance Portability and Accountability Act (HIPAA): hospitals, health insurance providers and doctors' clinics, for starters. But in light of the U.S. Department of Health and Human Services' recent updates to HIPAA requirements, healthcare organizations are no longer the only ones that count as HIPAA-covered entities.
Ed Moyle, director of emerging technology at ISACA, says that compliance professionals outside healthcare should be following any changes to HIPAA requirements closely. The updates have implications well beyond healthcare organizations, which Moyle covers in two tips:
- "HIPAA requirements not just for health organizations": Moyle outlines what new obligations organizations outside of the direct patient-provider-payer relationship have under the new rule.
- "HIPAA audits could influence compliance of business associates": In another tip, Moyle lays out how the renewed Office for Civil Rights audit program also targets HIPAA business associates, and what they should do to comply.
Over on SearchSecurity, Mike Chapple, CISSP and senior IT director at the University of Notre Dame, answers readers' questions on HIPAA, including how organizations can prepare for HIPAA audits, what the HHS is getting stricter about and how risk assessments can help with HIPAA compliance.
More on HIPAA requirements: Take a look at infosec expert Kevin Beaver's tip on how encryption and data protection can help you stay compliant with HIPAA and HITECH.
Data source: NueMD 2014 HIPAA survey, with 1,000 respondents