HIPAA Enforcement Update: Cracking Down on Blocking and Noncompliance

Two units of the Department of Health and Human Services (HHS) — the Office of the National Coordinator for Health IT and the Centers for Medicare and Medicaid Services (CMS) — issued proposed rules to address the blocking of secure information exchange.

According to a CMS administrator, the proposals will “out” healthcare agencies that prohibit patients from accessing their health records. Information blocking, currently a major hurdle keeping electronic health information exchange (HIE) from reaching its full intended potential, prevents different systems from communicating with each other to share and make use of data to benefit patient care.

There are legitimate reasons for information blocking, such as when a system’s security is suspect. Other motivations are more nefarious, such as when a vendor blocks access to coerce a healthcare organization into using a particular system or software.

According to the Notice of Proposed Rulemaking (NPRM), “the proposed rule is designed to increase innovation and competition by giving patients and their healthcare providers secure access to health information and new tools, allowing for more choice in care and treatment.” As part of this rule, the healthcare industry is being asked to adopt standardized application programming interfaces (APIs), enabling patients to securely and easily access their information using smartphone applications.

The HHS Office of Civil Rights (OCR) is also investigating organizations with patterns of HIPAA noncompliance. These investigations involve healthcare entities where there is no evidence of any kind of compliance or even any attempts to comply with the HIPAA rules.

The Remedy for Controlling Patient Data

Spirion helps your organization protect sensitive healthcare data while enabling your patients to access their information in order to make well-informed care decisions. With rapid data discovery to accurately locate sensitive data and automated classification to appropriately categorize and label sensitive data, you can rest assured that your patients’ information is protected and secure, while also being accessible to them.

By knowing what data you have, and where it is located, you can remain HIPAA and HITECH compliant. The Spirion Data Platform is the one solution your organization needs for managing structured and unstructured data and continuously classifying and protecting new data as it is created and transmitted.

To learn more about how Spirion can help ensure your business is HIPAA and HITECH compliant, visit us.