Increased Enforcement of the HIPAA Omnibus Rule Beginning September 23, 2013 Makes Stiff Penalties Possible for TPAs without Adequate Safeguards for Protected Health Information
It’s been over ten years since HIPAA required “Covered Entities” to meet certain requirements related to protected health information (PHI). “Covered Entities” include health care providers, health plans, and health care clearinghouses. In 2009, the HITECH Act extended compliance requirements directly to “Business Associates,” individuals or entities that perform certain activities involving PHI on behalf of Covered Entities. The HIPAA Omnibus Rule details and implements significant changes called for in the HITECH Act.