Health Care Beware: Using Skype, Google, WebEx Could Get You a $1.5M HIPAA Fine

With the updated Health Insurance Portability and Accountability Act (HIPAA) Final Rule going into effect starting next week, March 26, 2013, health care entities and health vendors will want to start looking into the way they manage patients’  protected health information, so they don’t get hit with a nasty fine.

The final rule expands privacy protections for individuals such as

  1. mandating notification for all security breaches,
  2. protecting genetic information
  3. reducing the time allowed for health care entities to respond to medical records requests to 30 days,
  4. receiving copies of electronic health records in electronic form,
  5. opting out of reports to insurance for procedures paid completely out-of-pocket,
  6. treating paid recommendations for health treatments as marketing that requires individual authorization, and
  7. making nearly everyone who touches health records directly responsible for them (maybe the one of the biggest ones).

For a more in-depth look into who the “everyone” includes and how Skype, Google, WebEx, etc. could be trouble for health entities, check out Milton’s new article in BusinessNewsDaily:

The updated HIPAA Rule now makes all businesses directly responsible for handling protected health information (PHI). This means all associated businesses, sub-contractors, and anyone else down the line – whether or not they are directly contracted by a health entity. For example, if a business associate uses Google Apps to maintain health information, then Google would also be liable by default and would need to sign a business associate agreement (BAA). (On a side note, Google is highly unlikely to enter such an agreement since Google’s business model is driven by collecting individualized data to sell advertising. See their recent privacy fines.)

Source: Expert Voices – Ensuring Healthcare Privacy in the Cloud

Read the rest of his article here.

Related Articles


%d bloggers like this: