Chief Security Officer Dennis King authored a recent article in the Saint Louis Metropolitan Medical Society Journal highlighting the changes to HIPAA regulations and cybersecurity risks facing healthcare providers in 2013. The article appeared in the April/May issue of the SLMMS Journal.
The 2013 Omnibus Rule, released on January 17th, is the next step in over 16 years of protected health information (PHI) regulation. With this update, also known as the “Final Rule,” the Department of Health and Human Services clarified what Covered Entities, Business Associates, and subcontractors must do to secure PHI.
Leon Rodriguez, Director of the Department of Health and Human Services Office of Civil Rights, told an audience this year, “Breaches will happen. It’s the ‘willful neglect’ that could lead to trouble for a covered entity or business associate.” “The real purpose of breach notification is for covered entities to identify the vulnerabilities that resulted in the breach, remedy those vulnerabilities in an immediate and decisive manner,” said Rodriguez.
The article discusses new HIPAA requirements, what healthcare providers must do between now and September, and the sources and frequency of cybersecurity threats.