Health Law Alert 2010 Volume 2: HIPAA: The New Enforcement Culture


Ober|Kaler's Health Law attorneys are regular contributors to Medical Laboratory Observer's "Liability and the Lab" column at This article appears in the November 2010 edition.

The culture of HIPAA compliance is about to change, driven by significant changes in the law. The OIG has been encouraging a "culture of compliance" with the antikickback laws for a number of years, which has resulted in a general awareness in clinical laboratories. Most in the health care industry, for example, know that giving a physician something of value to reward referrals is not acceptable. Few are likely to know what the foundation for compliance with the HIPAA Security Rule is, but that is changing as well.

The HIPAA Security Rule, which is basically a series of technologically neutral touch points for developing HIPAA-compliant processes and procedures for safeguarding protected health information in electronic form (ePHI) has been in effect for nearly 10 years now, but has generally received less attention than has the HIPAA Privacy Rule. The federal HIPAA enforcers have published a draft of their first annual guidance on the provisions of the HIPAA Security Rule: HIPAA Security Standards: Guidance on Risk Analysis (the Draft Guidance). Under the HIPAA Security Rule, it is not enough to be secure; documentation of the decisionmaking process that led each clinical laboratory or other HIPAA-covered entity to select the means of achieving security for ePHI at rest in or transmitted by the covered entity is required. The risk assessment is described in the Security Rule as "an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of e-PHI held by the covered entity."

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Written by:

Published In:

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ober|Kaler | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »

All the intelligence you need, in one easy email:

Great! Your first step to building an email digest of JD Supra authors and topics. Log in with LinkedIn so we can start sending your digest...

Sign up for your custom alerts now, using LinkedIn ›

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.