Health Law Alert 2010 Volume 2: HIPAA: The New Enforcement Culture


Ober|Kaler's Health Law attorneys are regular contributors to Medical Laboratory Observer's "Liability and the Lab" column at This article appears in the November 2010 edition.

The culture of HIPAA compliance is about to change, driven by significant changes in the law. The OIG has been encouraging a "culture of compliance" with the antikickback laws for a number of years, which has resulted in a general awareness in clinical laboratories. Most in the health care industry, for example, know that giving a physician something of value to reward referrals is not acceptable. Few are likely to know what the foundation for compliance with the HIPAA Security Rule is, but that is changing as well.

The HIPAA Security Rule, which is basically a series of technologically neutral touch points for developing HIPAA-compliant processes and procedures for safeguarding protected health information in electronic form (ePHI) has been in effect for nearly 10 years now, but has generally received less attention than has the HIPAA Privacy Rule. The federal HIPAA enforcers have published a draft of their first annual guidance on the provisions of the HIPAA Security Rule: HIPAA Security Standards: Guidance on Risk Analysis (the Draft Guidance). Under the HIPAA Security Rule, it is not enough to be secure; documentation of the decisionmaking process that led each clinical laboratory or other HIPAA-covered entity to select the means of achieving security for ePHI at rest in or transmitted by the covered entity is required. The risk assessment is described in the Security Rule as "an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of e-PHI held by the covered entity."

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ober|Kaler | Attorney Advertising

Written by:


Ober|Kaler on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.