Many larger healthcare organizations are well prepared to meet the Health Insurance Portability and Accountability Act deadline to migrate their records to online data backup, but some smaller healthcare providers and their partners are encountering problems as the compliance deadline approaches.
The law gives healthcare providers until Sept. 23 to move patient records to cloud data storage and maintain strict security protocols. Penalties for compliance violations can total more than $1 million and are extended to the healthcare provider's business associates, which can include a variety of firms such as insurance companies, banks and data storage providers.
Business associates were able to use private health information under the previous version of the law, which was originally enacted in 1996, so long as they needed it to carry out their contract obligations, attorney Kathy Kudner said in a recent HealthIT Security interview. The updated law states that healthcare providers can continue to disclose this information, but that they need to create business agreements with every firm involved.
"Originally in HIPAA, banks were not subject to the rules because they were referred to as conduits like the Post Office," Kudner said. "But now banks were processing claims and getting access within the bank to [protected health information], so banks are struggling with that."
Compliance time adds up
The time that companies are expected to spend complying with the HIPAA data management requirements is expected to total more than 32.7 million hours, according to a government notice. About 619,000 hours will be spent becoming compliant with the new rules. Firms are expected to spend a total of 350,000 documenting data security features and about 125,000 hours establishing or modifying business associate agreements with their subcontractors.
Some firms have held seminars and workshops to help healthcare providers deal with the transition to cloud backup. In St. Louis, the Keane Insurance Group recently held a workshop to help doctors and their staff understand the new regulations and learn how to train their workers to comply with the rules.
"The idea for this workshop came out of my desire to work with our clients in navigating the challenges healthcare providers are facing today, and helping them to continually manage the risks associated with those challenges," Keane Group president John Keane said in a press release. "Some of these challenges are due to the overwhelming amount of information that medical practices use every day. With the use and storage of that data comes significant risk and responsibility."