Health Care Current library

This weekly series explores breaking news and developments in the US health care industry; examines key issues facing life sciences and health care companies; and provides updates and insights on policy, regulatory, and legislative changes.


Health Care Blog

Read the Center for Health Solutions blog, sharing timely insights, research, and forward thinking for the life sciences and health care industry.


Update: Privacy and security of protected health information

Omnibus Final Rule and stakeholder considerations

​The permanent HIPAA audit program began in 2014, and the importance of ongoing risk analysis is a central feature of these audits.

Explore Content

​The transforming U.S. health care system is producing an immense volume of information and much rides upon its availability, integrity and confidentiality. However, new care models, health insurance models, mobile health (mHealth) technologies and permeable boundaries among industry stakeholders increase the complexity of managing protected health information (PHI) and compound an already challenging issue.

The Health Insurance Portability and Accountability Act (HIPAA) Omnibus Final Rule greatly expands privacy and security standards, compliance actions, breach notification steps and penalties. The new regulations allow for fines of more than $1 million for health record breaches.The permanent HIPAA audit program commences in 2014, and the importance of ongoing risk analysis is a central feature of these audits. Industry stakeholders should consider evaluating their HIPAA privacy and security controls as soon as possible.
This report discusses:

  • Health care system changes that are increasing the complexity of safeguarding PHI
  • Recently released updates to privacy and security regulations, specifically the Omnibus Final Rule
  • Four key security and privacy provisions in the Omnibus Final Rule that warrant stakeholder attention
  • Potential economic and reputational damage that may arise if organizations lack appropriate HIPAA security and privacy controls
  • Stakeholder considerations, including the use of a Security and Privacy Maturity Model to help organizations assess potential capability gaps, define their security and privacy vision and needs and develop appropriate remediation programs.

More topics


About the Deloitte Center for Health Solutions

About the Deloitte Center for Health Solutions: The source for health care insights.

Jennifer Malatesta

Principal | Life Sciences

Mark Ford

Principal | Life Sciences & Health Care

Dbriefs Webcast

Health Sciences

Anticipating tomorrow's complex issues and new strategies is a challenge. Take the lead with Dbriefs—live webcasts that give you valuable insights on important developments affecting your business. Dbriefs offers live webcasts featuring practical knowledge from Deloitte specialists.