Health Insurance Portability and Accountability Act (HIPAA) regulations put in place to protect patient privacy and access continue to evolve into 2019, causing health care providers and organizations to keep a close watch on these important updates and developments. The nation’s leading physician staffing agency, Staff Care, looks to Smith Anderson partner Joe Dickinson for insights on major HIPAA developments for this year in its article “The Latest HIPAA Updates for 2019.”
One change for 2019 noted in the article is that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has indicated it will have tighter enforcement of violations of patient access rights, especially for those violations that are considered “willful neglect” and don’t get corrected. Joe says the indication is that OCR will focus on those “bad actors” and egregious cases of noncompliance.
Another HIPAA change Joe confirmed is that a more permanent audit program is coming from the HIPAA Privacy, Security, and Breach Notification Audit Program. When enacted, a permanent audit program is expected to take a deeper and broader look at what organizations are doing to identify and resolve noncompliance issues.
The effect of the California Consumer Privacy Act is also a factor noted in the article, emphasizing that as a federal law HIPAA takes precedence over state law unless a state passes a patient privacy law that requires even greater protection of patients’ privacy rights, citing California as an example. The article goes on to state that when the law takes effect in 2020, it may pose challenges for some organizations when doing risk assessments. And if other states follow suit, they could face similar challenges. Echoing this concern, Joe cautions, “There may be compliance gaps because states have taken an approach that’s more protective.”
Joe is a seasoned data use, privacy and security lawyer with more than 25 years of business and legal experience advising technology companies, as well as healthcare and government entities. His extensive experience includes helping clients to identify their risks and to design, implement and manage data privacy and security programs for their business. He also advises on HIPAA compliance, technology licensing and transfer, GDPR compliance, data breaches and governmental privacy-related investigations, and conducting internal investigations related to corporate compliance. Joe speaks regularly on data privacy and cybersecurity topics, and he has presented at some of the nation’s most prestigious technology conferences.
To read the full article, click here.