Why It’s Time To Update The HIPAA Security Rule


HIPAA is a federal law enforced by the Office of Civil Rights of the U.S. Department of Health and Human Services (HHS). The idea behind it was to protect the privacy and security of health data. The law was passed in 1996, against the background of the technology that existed at that time. It was finalized in 2003 to establish national standards for physical, administrative, and technical safeguards for the safety and confidentiality of the information.

The HIPAA Security Rule requires physicians to protect a patient’s electronically stored protected health information (ePHI). With the rapid evolution of technology, a vast number of cyber threats have emerged. The Security Rule mentions device and media controls that existed at the time the rule was framed. These policies and procedures, however, have largely not kept up with technological change and therefore fail to meet their purpose.

Addressed terms that have turned vague with time

The HIPAA Security Rule addresses “device and media controls” but does not mention anything about mobile devices or electronic systems. Over time, mobile phones and other devices have come into view and have become a part of our daily lives. The types of cyber threats and security breaches have entirely changed with time and are not mentioned in the rule.

It mentions login monitoring, while entire systems and sub-systems have moved to a client-server model. That was suitable for a time when systems required mainframes, but it is now irrelevant. Similarly, it mandates integrity controls in an era of reliable transmission protocols. None of these terms fit the current scenario, and they make these policies unclear and irrelevant.


The HIPAA security rule needs to recognize modern technology and best practices.

The HIPAA Security Rule only covers electronic PHI rather than the modern tools and devices that are widely in use these days. The world today is switching to newer and more advanced technologies such as cloud-based and client-server-based technologies, and new threats are emerging each day. Therefore, the HIPAA rule must be updated from time to time to keep pace with technological advancements. It should address the cyber threats and security issues that currently dominate and wreak havoc in the industry.

The HIPAA security rule should be made flexible and adaptable to meet the purpose it was initially framed for. It must recognize the best practices for HIPAA security, such as:

  • Doing a PHI Inventory
  • Conducting a complete HIPAA security evaluation
  • Conducting a HIPAA risk analysis
  • Enforcing a mitigation plan
  • Creating an Incident Response Plan and updating it regularly

These practices can help meet the security procedures required to implement a secure, compatible, and updated Security Rule.


HIPAA security rule needs clarity about risk analysis, policies, and incidents

While the current HIPAA Security Rule is vague and irrelevant in particular areas, it also requires proper clarification in risk analysis, policies, and incidents. Applying security controls that meet modern requirements, and addressing them clearly, can help make it better.

Risk Analysis: Because “risk analysis” coexists with “risk assessment”, as mentioned by NIST, there is constant confusion regarding this term. Therefore, the HIPAA Security Rule should state clearly the number of analyses and tests that should be conducted on the systems and structures where ePHI data is stored.

Policies: This term has different interpretations. Many understand policies as mere documents defining management’s demands to technical settings or controls. Thus, the HIPAA Security Rule needs to identify the relevant definition, or an Active Directory to make it more transparent and more predictable.

Incidents: The HIPAA Security Rule addresses events and requirements that were applicable and necessary during 1998. It needs to be upgraded and made realistic enough to meet current demands. Therefore, it should be able to determine whether a phishing or ransomware breach has taken place.


Enforcing continuous updates in the Security Rule can help combat the significant security threats dominant in the industry. Refreshing the rule will help serve the purpose it was initially framed for.