Perspectives

Health Care Current Library

This weekly series explores breaking news and developments in the U.S. health care industry, examines key issues facing life sciences and health care companies and provides updates and insights on policy, regulatory and legislative changes. 

Perspectives

Health Care Blog

Read the Center for Health Solutions blog - sharing timely insights, research and forward thinking for the Life Sciences & Health Care Industry.

Analysis

Update: Privacy and security of protected health information

Omnibus Final Rule and stakeholder considerations

​The permanent HIPAA audit program began in 2014, and the importance of ongoing risk analysis is a central feature of these audits.

​The transforming U.S. health care system is producing an immense volume of information and much rides upon its availability, integrity and confidentiality. However, new care models, health insurance models, mobile health (mHealth) technologies and permeable boundaries among industry stakeholders increase the complexity of managing protected health information (PHI) and compound an already challenging issue.

The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule greatly expands privacy and security standards, compliance actions, breach notification steps and penalties. The new regulations allow for fines of more than $1 million for health record breaches.The permanent HIPAA audit program commences in 2014, and the importance of ongoing risk analysis is a central feature of these audits. Industry stakeholders should consider evaluating their HIPAA privacy and security controls as soon as possible.
 
This report discusses:

  • Health care system changes that are increasing the complexity of safeguarding PHI
  • Recently released updates to privacy and security regulations, specifically the Omnibus Final Rule
  • Four key security and privacy provisions in the Omnibus Final Rule that warrant stakeholder attention
  • Potential economic and reputational damage that may arise if organizations lack appropriate HIPAA security and privacy controls
  • Stakeholder considerations, including the use of a Security and Privacy Maturity Model to help organizations assess potential capability gaps, define their security and privacy vision and needs and develop appropriate remediation programs.

Connect via email

Subscribe

Submit RFP

Submit via our online form

Find an office

Find a local office

Services

About the Deloitte Center for Health Solutions

About the Deloitte Center for Health Solutions: The source for health care insights.

People

Jennifer Malatesta

Principal | Life Sciences

People

Mark Ford

Principal | Life Sciences & Health Care

Dbriefs Webcast

Health Sciences

Anticipating tomorrow’s complex issues and new strategies is a challenge. Reach new heights with Dbriefs—live webcasts that give you valuable insights on important developments affecting your business.Dbriefs offers live webcasts featuring practical knowledge from Deloitte specialists.