HIPAA Security Rule Guide Updated
By Burnham Compliance
03.14.24

HIPAA Security Rule Guide Gets Updated

The Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and the National Institute of Standards and Technology (NIST) have published a final version of their guidance to assist HIPAA-covered entities and their business associates with improving cybersecurity and compliance with HIPAA’s Security Rule.

Employer Action Items

Cybersecurity breaches are a significant threat to health insurance carriers and employer-sponsored plans, and such threats continue to grow. The Federal government has made preventing data breaches a top priority in its HIPAA enforcement efforts.

HIPAA-regulated entities, especially sponsors of self-insured health plans and business associates, should review their HIPAA policies and procedures and assess their risk management plan to ensure that they are up to date and reflect adequate cybersecurity practices and safeguards. They should also consider whether an updated risk analysis is warranted.

Summary

By way of background, HIPAA’s Security Rule focuses on safeguarding electronic protected health information (ePHI) held or maintained by regulated entities. The ePHI that a regulated entity creates, receives, maintains, or transmits must be protected against reasonably anticipated threats, hazards, and impermissible uses and/or disclosures. The publication provides practical guidance and resources that regulated entities of all sizes can use to safeguard ePHI and better understand the security concepts discussed in the HIPAA Security Rule.

More Information

The cybersecurity resource guide is available here. For further information regarding available BRCC training and assistance to bring your health plan into compliance with HIPAA’s privacy, security, and breach notification rules, please contact your client representative.

For questions regarding this Legislative Update or any other related compliance issues, please contact your Burnham Benefits Consultant or Burnham Benefits at 949‐833‐2983 or inquiries@burnhambenefits.com.


This Legislative Update was prepared by the Baldwin Regulatory Compliance Collaborative (the “BRCC”), a partnership of compliance professionals offering client support and compliance solutions for the benefit of the Baldwin Risk Partners organization, which includes: Jason Sheffield, BRP National Director of Compliance; Richard Asensio, Burnham Benefits Insurance Services; Nicole L. Fender, the Capital Group; Bill Freeman, AHT Insurance; Stephanie Hall, RBA/TBA; Caitlin Hillenbrand, AHT Insurance; Paul Van Brunt, Baldwin Krystyn Sherman Partners (BKS); and Natashia Wright, Insgroup.

Burnham Benefits and the BRCC do not engage in the practice of law and this publication should not be construed as the providing of legal advice or a legal opinion of any kind. The consulting advice we provide is intended solely to assist in assessing its compliance with applicable federal and state law requirements, and is based on our interpretation of federal guidance in effect as of the date of this publication. To the best of our knowledge, the information provided herein, and assumptions relied on, are reasonable and accurate as of the date of this publication. Furthermore, to ensure compliance with IRS Circular 230, any tax advice contained in this publication is not intended to be used, and cannot be used, for purposes of (i) avoiding penalties imposed under the United States Internal Revenue Code or (ii) promoting, marketing or recommending to another person any tax-related matter.