The U.S. 2013 Health Information Portability and Accountability Act (HIPAA) Omnibus Rule, which took effect in September 2013, ushers in enormous new liability that law firms with healthcare, medical malpractice, insurance and litigation practices areas will want to understand so as to avoid fines, prevent harm to your brand and protect client cases from breaches. Firms are now directly liable for parts of the Privacy Rule, the Security Rule and the updated breach notice requirements. This is a wake-up call to address the new regulatory requirements as business associates of health care organizations known as covered entities under HIPAA. In short, firms need to assess their risk management of protected health information (PHI), and build policies and procedures to safeguard uses of and access to that information.
The regulatory compliance processes that HIPAA pushes law firms to adopt are part of a larger law firm information governance framework built to manage and protect firm and client information. That's why we founded the Iron Mountain Law Firm Information Governance Symposium, a think tank where we convene law firms and experts to draft and publish emerging standards, definitions and best practices for governing information in the unique setting of law firms. The latest series of Symposium publications features a HIPPA Omnibus Task Force Report, authored by law firms and experts, which analyzes Omnibus Rule impacts to firms including non-compliant penalties up to $1.5 million and gives a roadmap on what law firms should do to comply.
As your firm charts its course for HIPAA compliance, here are few key ideas to keep in mind:
1. The Privacy Rule's new minimum necessary standard has one of the biggest impacts for firms. In a nutshell, the rule says law firms need to button down access to PHI, granting access to this private information only to those lawyers and employees who need the information to do their job. The good news is, most firms aren't starting from scratch, and therefore can leverage your existing ethical wall/conflicts and other sensitive information access policies and controls they already have in place. However, you will need to identify PHI in the firm and make sure there are guardrails up to meet this new HIPAA Omnibus standard.
2. The Security Rule requires safeguards to protect electronic PHI (ePHI). HHS guidance for this rule includes details on how to assess your risks, even for items such as digital copiers and file sharing applications. Firms that handle PHI are going to want to do some kind of security risk assessment and train your people on PHI security policies and procedures. Law firms can take a look at the Symposium Task Force Report to determine what you need to do to comply. You'll also want to be sure your service providers operate in accordance with these HIPAA requirements, especially if you store in the cloud or you or your clients use providers for scanning medical records.
3. Breach Notification. Law firms are directly liable for reporting breaches of unsecured protected health information to their covered entity, which in turn must report the breach to HHS, the affected individual, and in some instances, even the media. Needless to say, firms want to avoid the breach notification scenario. The potential for harm to the firm's brand, client cases and pocketbook is as big as a hippo. The Omnibus Rule includes a new presumption that an impermissible use or disclosure is a breach, unless the firm can prove otherwise. Another point to keep in mind is that HIPAA only requires notification of breaches of unsecured PHI meaning PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons. To meet this standard, HHS guidelines specify things like encrypting PHI, and clearing, purging or destroying electronic media in accordance with NIST standards. For paper and film, HHS looks at whether the media was shredded so that the PHI is unreadable and cannot be reconstructed. Firms will want to ensure that their own and their vendor methodologies meet these standards.
Don't let the HIPAA hippo overwhelm your firm - take advantage of the roadmap for compliance in the Symposium HIPAA Task Force Report today.
Founded by Iron Mountain, the Law Firm Information Governance Symposium is a community of industry thought leaders that provides common approaches and best practices for building law firm information governance enabling law firms and their clients to leverage common elements for governing and managing client information.
Most recent headlines
04/08/2024
Dalet, a leading technology and service provider for media-rich organizations, is excited to announce Santiago Solanas as its new Chief Executive Officer (CEO)....
03/06/2024
Dalet, a leading technology and service provider for media-rich organizations, a...
29/04/2024
(L-R) Mark Gatiss and Polly Walker on set
Monday 29 April 2024 Further casting is now confirmed for Bookish (6x70), a brand-new drama created by Emmy Award-wi...
29/04/2024
A groundbreaking initiative offering training and mentoring to 30 women journali...
29/04/2024
Even though we've been doing this for over 40 years, a spark of excitement r...
29/04/2024
L3Harris is delivering manpack radios to U.S. Army CH-47 Chinooks as part of the Air-to-Ground Networking Radio program, providing seamless, resilient communica...
29/04/2024
He writes in Defense One: Despite the near-universal acknowledgement throughout the U.S. government and defense industrial base of the criticality of resilient ...
29/04/2024
eds3_5_jq(document).ready(function($) { $(#eds_sliderM519).chameleonSlider_2_1({ content_source:......
29/04/2024
Codemill aims to revolutionize media workflow efficiency at this years NAB Show by introducing Just-In-Time (JIT) playback technology in Accurate.Video Validate...
29/04/2024
April 29, 2024
-- TF1 Chooses Broadpeak to Power Targeted Advertising for New...
29/04/2024
LOS ANGELES Allen Media Group (AMG) has partnered with LG Electronics to bring 223 Local Now FAST channels to LG's free streaming service, LG Channels, avai...
29/04/2024
OTTAWA Ross Video has announced the introduction of Raiden, a data-driven weather graphics software that combines data gathering, processing, and visualization ...
29/04/2024
Panalux, a leading rental provider of lighting and power solutions for the motion-picture industry and part of Panavision's end-to-end service offerings for...
29/04/2024
Cobalt Iron Inc., a leading provider of SaaS-based enterprise data protection, today announced that it has received a patent on its technology for dynamic autho...
29/04/2024
SDVI, the leading platform provider for cloud-native media supply chains, today announced that Rally Access Workstation, a fully managed solution for editing in...
29/04/2024
Premier Sports, a premium sports broadcaster, has selected QuickLink's Remote Commentary solution for introducing professional, high-quality remote commenta...
29/04/2024
Glookast has chosen Jigsaw24 Media as the only UK channel partner to represent their portfolio of ingest and workflow optimisation products. The agreement, sign...
29/04/2024
Clear-Com played a pivotal role in the seamless coverage of the recent solar eclipse on April 8, 2024. Leveraging its cutting-edge Eclipse HX Digital Matrix i...
29/04/2024
PlayBox Neo will promote its complete range of television channel management, graphic branding and playout solutions to EMEA region media content owners and bro...
29/04/2024
Lingo, RuPaul's word-twisting game show, returns for season two on CBS Friday, May 24. Two episodes air that night, and stream on Paramount Plus, too....
29/04/2024
ESPN and Amazon Prime Video are reportedly close to scoring television rights to the National Basketball Association, according to published reports....
29/04/2024
Judge Judy and Hot Bench, CBS Media Ventures' genre-leading court shows, have been renewed through the 2025-26 TV season in more than 95% of the country, Gr...
29/04/2024
Premier Sports, an Irish-based premium sports broadcaster, has selected QuickLink's Remote Commentary solution for introducing professional, high-quality re...
29/04/2024
The awards celebrate the craft of behind-the-scenes TV talent and the best programmes of 2023
By Matthew Corrigan
Published: April 29, 2024
The awards cel...
29/04/2024
The team at Milk had to create and deliver the VFX and environment work for the royal residences featured in the drama from scratch
By Jenny Priestley
Publis...
29/04/2024
CEO Bob Bakish is expected to leave the company as early as today, with a new leadership committee likely to run the company on an interim basis
By Jenny Pries...
29/04/2024
Albena Ivanova, director, media and entertainment and strategic products at CHAOS talks to TVBEurope about her route into the industry
By TVBEurope Staff
Pub...
29/04/2024
The acquisition gives Grand Technix the opportunity to expand its footprint in the audio visual and broadcast technology sectors
By Jenny Priestley
Published...
29/04/2024
29 04 2024 - Media release Screen Australia announces James J. Robinson's debut feature First Light
First Light
Principal Photography is underway on Firs...
29/04/2024
Capitol Broadcasting recently became the inaugural company honored with inductio...
29/04/2024
April 29th, 2024 UNINTERRUPTED AND TRIBECA ENTERPRISES PARTNER FOR SECOND-ANNUA...
29/04/2024
Rebrand and refresh: SailGP talks bringing its graphics operations inhouse for a...
29/04/2024
Reflecting on a Storied Career: Sean McManus Looks Back While Keeping an Eye on ...
29/04/2024
Drones Take Flight Inside MSG: How Sky Candy Studios is Upping the Excitement fo...
29/04/2024
Back to All News
Netflix Announces a Diverse Lineup of Polish Titles to Debut i...
29/04/2024
Tonight on Smoke and Mirrors: Fanyana feels embarrassed about his sexual mishapDon't miss Monday, 29 April's riveting episode of South African soapie Sm...
29/04/2024
Talk about commitment. When startup SEA.AI, an NVIDIA Metropolis partner, set out to create a system that would use AI to scan the seas to enhance maritime safe...
28/04/2024
Mediahaus delivers the first SRT live-streaming sports production over 5G with U...
27/04/2024
On April 26, L3Harris Chair and CEO Christopher E. Kubasik joined CNBC's Mor...
27/04/2024
PORTLAND, Oregon Audinate Group Limited, the developer of the Dante AV-over-IP solution, announced significant new additions to Dante Connect, its cloud-based D...
27/04/2024
TORONTO Bell Media has launched 10 English and French-language FAST channels featuring entertainment, factual, news, and sports programming. The new free stream...
27/04/2024
An extensive new analysis of the news segments in the broadcast evening news programs of ABC, CBS, NBC and PBS has found that broadcasters devoted most of their...
27/04/2024
GERMANTOWN, Md. EchoStar's Hughes Network Systems has opened a new manufacturing facility and private 5G incubation center in Germantown, Maryland....
27/04/2024
Harry Pappas, one of three brothers who founded Pappas Telecasting Companies in 1971, died April 24. He was 78 years old....
27/04/2024
ATLANTA and LONDON Mexican telecommunications and broadcast company Televisa has selected Synamedia for an overhaul of its broadcast distribution....
27/04/2024
Participate in the Survey - The Impact of AI on Media and the Creative Industry
Pascal Wagner April 26, 2024
0 Comments
By participating in this surve...
27/04/2024
SDVI Rally Access Workstation Earns Two Top Awards at 2024 NAB Show
Brie Clayton April 26, 2024
0 Comments
SDVI, the leading platform provider for clo...
27/04/2024
Berklee's Music and Health Institute Launches Community Health Musician Cert...
27/04/2024
Charter Communications reported higher first-quarter profits despite continued cord-cutting and competition for broadband customers....
The U.S. 2013 Health Information Portability and Accountability Act (HIPAA) Omnibus Rule, which took effect in September 2013, ushers in enormous new liability that law firms with healthcare, medical malpractice, insurance and litigation practices areas will want to understand so as to avoid fines, prevent harm to your brand and protect client cases from breaches. Firms are now directly liable for parts of the Privacy Rule, the Security Rule and the updated breach notice requirements. This is a wake-up call to address the new regulatory requirements as business associates of health care organizations known as covered entities under HIPAA. In short, firms need to assess their risk management of protected health information (PHI), and build policies and procedures to safeguard uses of and access to that information.
