The U.S. 2013 Health Information Portability and Accountability Act (HIPAA) Omnibus Rule, which took effect in September 2013, ushers in enormous new liability that law firms with healthcare, medical malpractice, insurance and litigation practices areas will want to understand so as to avoid fines, prevent harm to your brand and protect client cases from breaches. Firms are now directly liable for parts of the Privacy Rule, the Security Rule and the updated breach notice requirements. This is a wake-up call to address the new regulatory requirements as business associates of health care organizations known as covered entities under HIPAA. In short, firms need to assess their risk management of protected health information (PHI), and build policies and procedures to safeguard uses of and access to that information.
The regulatory compliance processes that HIPAA pushes law firms to adopt are part of a larger law firm information governance framework built to manage and protect firm and client information. That's why we founded the Iron Mountain Law Firm Information Governance Symposium, a think tank where we convene law firms and experts to draft and publish emerging standards, definitions and best practices for governing information in the unique setting of law firms. The latest series of Symposium publications features a HIPPA Omnibus Task Force Report, authored by law firms and experts, which analyzes Omnibus Rule impacts to firms including non-compliant penalties up to $1.5 million and gives a roadmap on what law firms should do to comply.
As your firm charts its course for HIPAA compliance, here are few key ideas to keep in mind:
1. The Privacy Rule's new minimum necessary standard has one of the biggest impacts for firms. In a nutshell, the rule says law firms need to button down access to PHI, granting access to this private information only to those lawyers and employees who need the information to do their job. The good news is, most firms aren't starting from scratch, and therefore can leverage your existing ethical wall/conflicts and other sensitive information access policies and controls they already have in place. However, you will need to identify PHI in the firm and make sure there are guardrails up to meet this new HIPAA Omnibus standard.
2. The Security Rule requires safeguards to protect electronic PHI (ePHI). HHS guidance for this rule includes details on how to assess your risks, even for items such as digital copiers and file sharing applications. Firms that handle PHI are going to want to do some kind of security risk assessment and train your people on PHI security policies and procedures. Law firms can take a look at the Symposium Task Force Report to determine what you need to do to comply. You'll also want to be sure your service providers operate in accordance with these HIPAA requirements, especially if you store in the cloud or you or your clients use providers for scanning medical records.
3. Breach Notification. Law firms are directly liable for reporting breaches of unsecured protected health information to their covered entity, which in turn must report the breach to HHS, the affected individual, and in some instances, even the media. Needless to say, firms want to avoid the breach notification scenario. The potential for harm to the firm's brand, client cases and pocketbook is as big as a hippo. The Omnibus Rule includes a new presumption that an impermissible use or disclosure is a breach, unless the firm can prove otherwise. Another point to keep in mind is that HIPAA only requires notification of breaches of unsecured PHI meaning PHI that has not been rendered unusable, unreadable, or indecipherable to unauthorized persons. To meet this standard, HHS guidelines specify things like encrypting PHI, and clearing, purging or destroying electronic media in accordance with NIST standards. For paper and film, HHS looks at whether the media was shredded so that the PHI is unreadable and cannot be reconstructed. Firms will want to ensure that their own and their vendor methodologies meet these standards.
Don't let the HIPAA hippo overwhelm your firm - take advantage of the roadmap for compliance in the Symposium HIPAA Task Force Report today.
Founded by Iron Mountain, the Law Firm Information Governance Symposium is a community of industry thought leaders that provides common approaches and best practices for building law firm information governance enabling law firms and their clients to leverage common elements for governing and managing client information.
Most recent headlines
06/10/2025
France T l visions, France's leading broadcaster, has received the 2025 EBU ...
04/09/2025
Monumental Sports & Entertainment (MSE), in collaboration with Dalet, has been a...
15/06/2025
July 2025 in Dublin, Berlin, Amsterdam & London
Photo: Thea Martre
Music Production for Women (MPW) have announced that they will be running a series of fo...
15/06/2025
Composer/producer launches free virtual instruments
Sulcata Sound is the latest venture of Jason Graves, a two-time British Academy Award-winnning composer,...
14/06/2025
NEW YORK Pluto TV and the All Womens Sports Network have launched a free ad-supported streaming TV (FAST) AWSN channel in the U.S., Canada, the U.K. and the Nor...
14/06/2025
NEW YORK and CINCINNATI E.W. Scripps has announced a new, multiyear agreement with the WNBA that will continue Ions regular-season coverage of the league on Fri...
14/06/2025
WASHINGTON The National Association of Broadcasters highlighted the hidden importance of spectrum in the production of major sporting events and described wha...
14/06/2025
WASHINGTON Sunsetting ATSC 1.0, expanding business opportunities for NextGen Broadcast and increasing international adoption of the ATSC 3.0 standard were top o...
14/06/2025
SAN FRANCISCO Samba TV and Acxiom have announced that they will dramatically expand their longstanding relationship....
14/06/2025
July 2025 in Dublin, Berlin, Amsterdam & London
Photo: Thea Martre
Music Production for Women (MPW) have announced that they will be running a series of fo...
14/06/2025
San Francisco State University's School of Cinema Uses Blackmagic Design
Brie Clayton June 13, 2025
0 Comments
More than 40 Blackmagic Design came...
14/06/2025
Boris FX Mocha Pro Adds New AI Tools To Tackle VFX Tasks Fast
Jessie Electa Petrov June 13, 2025
0 Comments
The 2025.5 release helps artists work more...
14/06/2025
AJA Debuts DRM2-Plus Mini-Converter Frame at InfoComm 2025
Brie Clayton June 13, 2025
0 Comments
Next-gen frame addresses diverse rackmount needs wit...
13/06/2025
(L-R) Lindsay Utz, Michelle Walshe, and The Right Honourable Dame Jacinda Ardern attend the 2025 Sundance Film Festival premiere of Prime Minister at Eccles T...
13/06/2025
Photo credit: Atsushi Nishijima
If you're a true lover of rom-coms, chances...
13/06/2025
Pure Drama and Fierce Rivalries set to dominate the world's most iconic spor...
13/06/2025
Johannesburg, 12 June 2025 - The National Film and Video Foundation (NFVF), an a...
13/06/2025
ABILENE. Texas A severe storm knocked down the tower and severely damaged the news studio and main facility of Sinclair-owned KTXS here on Sunday, June 8....
13/06/2025
Berklee's Music Business/Management Department Recognized by the Music Biz A...
13/06/2025
WASHINGTON The ATSC, the Broadcast Standards Association, honored veteran technologist Aldo Cugnini and Clarence Hau, Senior Vice President of Standards, Policy...
13/06/2025
(Editor's note: The 2025 UFL Championship Game between the D.C. Defenders and Michigan Panthers kicks off Saturday, June 14, at 8 p.m. Eastern. The game wil...
13/06/2025
New iPad/iPhone synth App announced
Following on from last year's release of Gradient Synth - which reached #6 on the App Store's Paid Music charts ...
13/06/2025
LONDON Warner Bros. Discovery has announced that HBO Max will launch direct-to-consumer in multiple new countries this July as the streamer becomes available in...
13/06/2025
AI voice transcription and captioning platform Verbit has added a new feature to its Captivate ASR solution the ability to identify specific features in automat...
13/06/2025
WASHINGTON Federal Communications Commission member Anna Gomez has wrapped up two weeks in California visiting broadcasters, television studio executives, enter...
13/06/2025
WASHINGTON The U.S. House of Representatives voted mostly along party lines to approve a rescission package that would cancel $9.4 billion in previously approve...
13/06/2025
At InfoComm 2025, AJA Video Systems announced DRM2-Plus, an intuitive, high-capacity 3RU frame that can neatly house up to 24 AJA Mini-Converters. Tailored to s...
13/06/2025
Cinema advertising leader to leverage AOS and suite of AI-enabled solutions to optimize forecasting, yield management, and streamlined ad sales and operations a...
13/06/2025
Manfrotto has launched the ONE Hybrid Tripod, a new support system designed specifically for professional content creators working with mirrorless cameras acros...
13/06/2025
Leading video software provider, Synamedia, today announced that its Media Edge Gateway (MEG), an ATSC 3.0 software-based IRD, now supports Device Security requ...
13/06/2025
LiveU, the global leader in live IP-video contribution, production and distribution solutions, is deepening its commitment to the German-speaking market with th...
13/06/2025
Chaos, the leader in architectural visualisation software, today announces Chaos Corona 13, giving archviz designers new ways to add eye-catching style and flai...
13/06/2025
PALI's Nena Music Video Shot with Blackmagic Design
Brie Clayton June 12, 2025
0 Comments
Blackmagic Cinema Camera 6K and DaVinci Resolve Studio b...
13/06/2025
OddBeast Powers Up iRobot's Newest Roombas with Suite of CGI Launch Assets
Brie Clayton June 12, 2025
0 Comments
The motion design and production ...
13/06/2025
On Chick Coreas Birthday, a Newly Uncovered Archival Release The Visitors, composed by Corea and performed by vibraphonist Gary Burton and pianist Kirill Gers...
13/06/2025
In fulfilment of a recommendation by the Government's Expert Advisory Commit...
13/06/2025
SVG Sit-Down: Backblaze's Gleb Budman Talks Products, Partnerships, and the ...
13/06/2025
SVG Sit-Down: DAZN's Walker Jacobs Calls Streaming the FIFA Club World Cup ...
13/06/2025
New Sponsor Spotlight: Vecima Networks' Paul Strickland on How Improving QoE...
13/06/2025
Pitch Perspective: Where's Next for Specialty Cameras in Soccer? Leaders from Sky Austria and ACS discuss the possibilities of camera placement pitchside B...
13/06/2025
Premiership Rugby Final 2025: Vintage clash between Bath and Leicester gets full...
13/06/2025
Premiership Rugby Final 2025: TNT Sports gears up for Bath vs Leicester battle w...
13/06/2025
NCAA Men's College World Series: ESPN Adds Two-Point SupraCam, Invests in Ne...
13/06/2025
New FSWX signal and spectrum analyzer with novel architecture overcomes limits o...
13/06/2025
Apple today announced the addition of iPad to Self Service Repair, providing iPad owners with access to repair manuals, genuine Apple parts, Apple Diagnostics t...
13/06/2025
CUPERTINO, CALIFORNIA Apple today previewed iOS 26, a major update that brings a beautiful new design, intelligent experiences, and improvements to the apps use...
13/06/2025
At Apple's Worldwide Developers Conference (WWDC), Apple unveiled Apple Games, an all-new destination designed to help players jump back into the games they...
13/06/2025
Industrial AI isn't slowing down. Germany is ready.
Following London Tech Week and GTC Paris at VivaTech, NVIDIA founder and CEO Jensen Huang's Europea...
12/06/2025
In 2018, Spotify launched Heart & Soul, a mental health initiative developed to ...
12/06/2025
50 Years Strong: SBS and NITV Supercharge NAIDOC Week 2025 in a joint 50th celeb...
The U.S. 2013 Health Information Portability and Accountability Act (HIPAA) Omnibus Rule, which took effect in September 2013, ushers in enormous new liability that law firms with healthcare, medical malpractice, insurance and litigation practices areas will want to understand so as to avoid fines, prevent harm to your brand and protect client cases from breaches. Firms are now directly liable for parts of the Privacy Rule, the Security Rule and the updated breach notice requirements. This is a wake-up call to address the new regulatory requirements as business associates of health care organizations known as covered entities under HIPAA. In short, firms need to assess their risk management of protected health information (PHI), and build policies and procedures to safeguard uses of and access to that information.
