HIPAA Amends its “Final Rule” Amendment

Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes standards to protect sensitive patient data and mandates any entity, be it a health care provider or a provider’s business associate that deals with electronic health records, to deploy and follow specific physical, network, and process security measures.

SSAE 16: The New Standard for Reporting on Controls at Service OrganizationsSuccessful compliance, however, goes beyond having the required deployments in place and getting a one-off certification. Certification standards and regulations continue to change. Recently, the Centers for Medicare & Medicaid Services (CMS) amended the Clinical Laboratory Improvement Amendments of 1988 (CLIA) and HIPAA.

The HIPAA Omnibus Rule of January 2013 mandated entities covered by HIPAA to provide electronic private public health information (ePHI) to patients on request, as well as to third parties on the request of a patient, within 30 days. The range of records thrown open to patients includes test result reports and billing information, besides other PHI. The latest “final rule” amendment (February 2014) makes it mandatory even for CLIA-certified laboratories covered under HIPAA to provide copies of completed test reports to patients upon request. CLIA-certified laboratories had been exempt from this requirement. The amendment supersedes various state regulations that did not allow providers or their associates from releasing health records to patients directly. The move is to make patients more engaged in their health care and ask more questions of their health care providers.

Health care providers covered under HIPAA seek out data centers that are HIPAA compliant. Data centers handling HIPAA data, being business associates of the provider, are equally liable as health care providers themselves to comply with HIPAA regulations. Data centers need to offer the same risk management strategies, policy, technical safeguards, security and ongoing compliance governance standards, and awareness training for employees as the covered entity is liable to do so. They also need to go beyond and make the necessary changes or tweaks to ensure that their systems and processes reflect the periodic changes in regulations.

Stop worrying about compliance and audits. Let the compliance experts at Lifeline Data Centers help you solve your SSAE 16, TIA-942, NFPA, HIPAA, FIMSA, FDA, PCI/DSS and Sarbanes Oxley audit problems. Lifeline delivers multi-level compliance solutions in audit-ready data centers with in-house expertise.

Alex Carroll

Alex Carroll

Managing Member at Lifeline Data Centers
Alex, co-owner, is responsible for all real estate, construction and mission critical facilities: hardened buildings, power systems, cooling systems, fire suppression, and environmentals. Alex also manages relationships with the telecommunications providers and has an extensive background in IT infrastructure support, database administration and software design and development. Alex architected Lifeline’s proprietary GRCA system and is hands-on every day in the data center.