Seizing the opportunities and avoiding the pitfalls of the 2013 HIPAA Omnibus Update
By Jesse Proudman, Founder and CEO of Blue Box
On September 23rd 2013, the HIPAA Omnibus Final Rule went into effect. This update is the most sweeping change to the HIPAA regulations since they were first instituted in 1996. For IT professionals the most interesting element of this update is the requirement that health care providers grant patients access to their health records in electronic format upon request. Couple that data access requirement with the Affordable Care Act’s (ACA) mandate that medical providers switch from physical patient charts to electronic records, and suddenly we’ve opened the door to a truly incredible Big Data revolution for healthcare IT.
“Any long term solution to the economic issues plaguing healthcare will involve the rise of smart machines.” — Derek Collison, CEO of Apcera
Today, there are more than 250 million Americans with active health coverage and with the implementation of the Affordable Care Act, that number will most certainly increase. The wealth of data that each patient generates from every physician visit, medical test, prescription and ensuing medical transactions are enormous. The new electronic requirements will open a massive door of opportunity for companies to create technologies that capture and analyze the flood of ensuing data.
Just imagine the insights that can be derived from the ability to crunch medical test records from millions of users, or the prediction algorithms customers have become familiar with from Google and Facebook, but used for medical information. Imagine the ability to integrate the “internet of things” – day-to-day sensors (think FitBit or Jawbone, or digital scales) into real time medical information. The moment for transformative discovery has arrived and beyond the economic benefits for companies riding this wave, the social benefit of being able to drive down healthcare costs and realize better patient outcomes is unparalleled.
But as new startups enter the market to capture this tantalizing opportunity, they’ll need to remember that new HIPAA Omnibus does more that present them with a lucrative opportunity. It now tightens up regulations and adds teeth to their enforcement. Historically, the government has taken a fairly lax stance for those found to have leaked personally identifiable information (PII) and patient health data. These new Omnibus HIPAA regulations change the liability and fines in a dramatic way. And the Department of Human and Health Services has made it clear that they intend to hold organizations significantly more accountable.
This means that startups rushing headlong into the healthcare big data boom need to make sure their compliance strategies aren’t an afterthought. With great power comes great responsibility. And now there will be great penalties for those that do not take that responsibility seriously. Now the Omnibus regulation changes the maximum penalty for security breaches to $1.5 million per violation.
Unfortunately, unlike PCI compliance, ensuring HIPAA compliance isn’t as simple as following a checklist of actions. HIPAA requires that an organization follows a number of “industry best practices” across a multitude of areas but does not define what those industry best practices actually are. The vagaries can leave IT organizations unintentionally exposed. Complicating things further, HIPAA compliance goes well beyond purchasing “compliant” hosting infrastructure. Applications must be designed in a secure way and internal policies and procedures have to be defined and enforced.
Startups like Accountable are entering the market to help make the HIPAA compliance process easier. Other companies can help provide a “HIPAA compliant” hosting infrastructure that is designed to meet those core industry best practices. Regardless, effective compliance that won’t expose you to risks means taking a thorough 360-degree approach. Now more than ever, it’s crucial to work with an auditor like Coalfire to help build your formal HIPAA compliance plan from top to bottom.
It’s rather straightforward – CYA. A seemingly small mistake could bring about massive penalties that will crush a startup. Don’t rush blindly after the revenue attached to the impending big data explosion in the healthcare industry. Respect and protect the data like you never have before, because too much is at stake.
About Jesse Proudman
Jesse Proudman is the Founder and CEO of Blue Box and an entrepreneur with an unbridled passion for the Internet’s infrastructure. With more than 16 years of hands on operating experience, Jesse brings vigor for corporate evangelism and product development mixed with an insatiable desire to win. You can find him on Twitter and Google +.
About Blue Box Group
Established in 2003, Blue Box is a leading private cloud and managed Services Company. Nearly 600 companies use Blue Box’s managed application hosting for their infrastructure solutions. Its clients receive white-glove 24/7 support through its industry-leading technical implementation and management expertise.
Blue Box leverages an assortment of open source technologies including OpenStack and Cloud Foundry alongside Blue Box’s “secret sauce”. With ownership and control of the infrastructure, Blue Box delivers comprehensive, customizable hosting solutions with game-changing uptime to enterprises and applications of any size. To learn more about Blue Box’s pioneering activities, visit bluebox.net, email sales@bluebox.net, or call toll-free: 1-800-613-4305.
