Making sure that you’re up to date with HIPAA regulations is crucial to keeping both your practice and patients safe. In a world with ever-increasing concerns over the security of personal data, one data breach is all it takes for a business to lose its patients’ trust, or worse. Of course, these concerns are not unfounded with data breaches even at the most prominent tech companies. Let’s take a look at the Top 7 HIPAA Updates From 2021.
- HIPAA Safe Harbor Bill
First up in the Top 7 HIPAA Updates From 2021 the HIPAA Safe Harbor Bill was signed into law in January 2021, directing the HHS to incentivize healthcare entities to implement best practice security and also stipulating that the Department can’t raise fines or extend audits (including when entities aren’t compliant with recognized security standards).
The new legislation also highlights recognized cybersecurity practices that are believed to decrease risk to patients and health systems. Implementing them will allow for some leniency in fines and other legal action from the Office of Civil Rights (OCR) of HHS in case of a data breach.
As mentioned earlier with the NPRM, the Safe Harbor Bill is a lengthy document with a lot of information that you will need to study. Boiling it down just to the basics, your practice requires a Security Risk Analysis (SRA), technical safeguards, and to meet the HIPAA Security Rule. Meeting these requirements will reduce the risk of your business falling victim to a data breach or reduce the penalties associated with it if one does happen.
- 21st Century Cures Act
Starting April 5, 2021, the 21st Century Cures Act came into effect, a bipartisan law designed to increase choice and access for patients and providers. The Cures Act is directed by the Office of the National Coordinator for Healthcare Technology (ONC) and facilitates patients’ access to their ePHI stored by healthcare providers and app developers while still maintaining data privacy and security. To this end, the law specifies eight types of clinical notes among electronic information that must not be blocked and must be made available free of charge to patients.
For instance, the Cures Act offers patients transparency regarding the cost and outcomes of care and easier access to health data used and stored on healthcare-related apps.
Again, the law requires a thorough read, but having a complete HIPAA program ensures that you’re protecting your patients’ data while staying up to date with regulations.
- 2022 HHS Budget
When it comes to the Top 7 HIPAA Updates From 2021 the important number is actually 2022, the 2022 budget for the HHS, released in June 2021 by the Biden Administration, increases funding specifically in those areas concerning patient rights and data protection. The Administration is acknowledging the increasing threat of cyber attacks by allotting over $200 million in additional spending for cybersecurity measures and $67 million for the HHS and their HIPAA enforcement efforts. For instance, one of the aims of this budget increase is to hire an additional 39 staff members at the OCR.
In September last year, a new Director of the OCR was also appointed – Lisa J. Pino. She formerly worked at New York State’s Department of Health, coordinating COVID-19 efforts and leading social programs. She has also worked on cybersecurity at the Department of Homeland Security (DHS) during the Obama Administration.
- HHS Notice of Proposed
In December 2020, the Department of Health & Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) with modifications to empower patients, improve coordinated care, and reduce regulatory burdens. The ~350-page document contains a lot of information, including strengthening individuals’ rights to access their own health information (PHI – Protected / Personal Health Information); facilitating disclosure in case of emergency or threatening circumstances (such as COVID-19 or the Opioid epidemic); or reducing administrative burdens on HIPAA-covered health care providers, without sabotaging patients’ information privacy.
While these changes have yet to come into effect, we expect this to happen in 2022. Consequently, a reasonable approach would be to ensure ahead of time that your practice is up to date with the new requirements.
- The Increasing Threat of Data Breaches
As the digital world is marked by an increasing number of data breaches, the healthcare industry is also at risk. In 2021, the PHI of over 40 million individuals was exposed to risk, due to data breaches at 550 covered entities – this means ransomware threats, phishing schemes, accidental disclosures, and business associate incidents.
It’s hard to stay ahead of hackers and other threats associated with data, but strictly adhering to the latest HIPAA regulations is the first step in ensuring your practice and your patient’s private information are safe. If not, you’re not only leaving yourself exposed to fines and lawsuits but also potentially compromising your credibility and trust.
At Dark Horse Tech, we have a team of experts fully trained in dental HIPAA compliance. We are always at your disposal to protect your practice from monetary penalties and hassles. Check out our HIPAA-related services for dental offices here.
- HIPAA Waivers Extension
The latest HHS extension for the Public Health Emergency first issued at the onset of the COVID-19 pandemic is effective January 16, 2022, through April 16, 2022. The flexibilities and waivers include Medicare telehealth coverage of audiology and speech-language pathology services and relaxed HIPAA requirements.
Dental practices should still adhere to HIPAA requirements for telehealth and PHI disclosure to avoid any violations once these waivers are lifted.
- Patient Right of Access
Wrapping up the list of Top 7 HIPAA Updates From 2021 is HIPAA enforcement; in 2021 enforcement was met with 25 Patient Right of Access violations, with OCR announcing five separate violations just in one day last December. Since the government announced the Right of Access Initiative in 2019, $1,505,650 has been collected. All the more reason to make sure your practice is up to date with HIPAA right of access standards.
About Darkhorse Tech
Whether you’re just starting out or a well-established organization, Darkhorse Tech has the experience and technology to help get you moving, cut costs, and streamline your operations via unlimited IT support. We are here to help you do what you do best: focus on providing top-notch care and service for patients – not dealing with IT problems, lag time spent talking with technical support, or complicated technological mishaps. Unlimited IT support services help the whole team work efficiently without worrying about significant system issues or constant interruptions.
Our additional security services include:
- Unlimited Remote and/or On-Site IT Support of All Your Hardware and Software
- Improved Network Performance and Security
- HIPAA Compliant Off-Site and Local Backup Service (Darkhorse Secure Backup)
- Managed Antivirus, Anti-Malware, and Anti-Ransomware (Darkhorse Security Products)
- Compliance & Security Laws Standards
- Microsoft Security Patch Management
- Vendor Management: We will be on the phone, not your employees
- Secure, Remote Access to Your Office
- Firewall Management
- Network Management
- Long Term Planning and Budgeting
Contact us anytime if you want to learn more about our dental-specific solutions and unlimited support packages. Our friendly customer service team will get back to you in no time. For more Dental IT information check out the Darkhorse Tech Blog