You are on page 1of 3

Increased Scrutiny Over HIPAA Compliance Ahead

The Health Insurance Portability and Accountability Act (HIPAA), passed by Congress in 1996, continues to have a considerable effect on the healthcare industry. Along with increasing rules to strengthen the protection of patient information in a digital environment, penalties are being assessed for HIPAA noncompliance. A recent HIPAA noncompliance penalty and settlement involved Idaho State University. The University agreed to pay $400,000 to the U.S. Department of Health and Human Services (HHS) as a result of a firewall that failed to protect health information at a University clinic. The breach went undetected for more than 10 months and exposed 17,500 patient records. The Office for Civil Rights (OCR) is responsible for enforcing compliance with HIPAA. During 2012, OCR conducted 115 random HIPAA privacy and security compliance audits of providers, payors and claims clearinghouses. As a result of these and other audits, OCR has collected $15.3 million in HIPAA violations and settlements. In addition, HIPAA compliance audits will become an annual process beginning in fiscal year 2014. New HIPAA Rules and Deadlines The HIPAA Omnibus rules, passed in January 2013 by HHS, mandate additional compliance requirements that will be enforced beginning in September 2013. The new laws more extensively hold second and third party businesses responsible to keep patient health information private. Action steps that should be performed in preparation for the new rules include: Conduct a HIPAA Security Rule risk assessment Review business associate agreements and update them based on the new rules (example: include language in the business associate agreement on potential liabilities to HHS) Revise and update policies and procedures to reflect the latest HIPAA rules Conduct HIPAA training on the updated policies Educate subcontractor business associates about their responsibility (and the responsibility of their subcontractors) to safeguard health information in order to mitigate the risk of a breach of confidential information For more information on any of the above topics or other matters involving HIPAA, please contact Christopher J. McCarthy at cmccarthy@odpkf.com, Keith Solomon at ksolomon@odpkf.com or Thomas J. DeMayo at tdemayo@odpkf.com.

Christopher J. McCarthy Partner cmccarthy@odpkf.com 914.341.7018

Keith Solomon Partner ksolomon@odpkf.com 914.341.7078

Thomas DeMayo IT Manager tdemayo@odpkf.com 212.867.8000

Contact: New York, NY (midtown) 212.286.2600 New York, NY (downtown) 212.867.8000 Harrison, NY 914.381.8900 Stamford, CT 203.323.2400 Paramus, NJ 201.712.9800 New Windsor, NY 845.220.2400 Wethersfield, CT 860.257.1870

About Our Practice: O'Connor Davies, LLP is a full service Certified Public Accounting and consulting firm that has a long history of serving clients both domestically and internationally and providing specialized professional services of the highest quality. With roots tracing to 1891, seven offices located in New York, New Jersey and Connecticut, and approximately 400 professionals including 70 partners, the Firm provides a complete range of accounting, auditing, tax and management advisory services. OConnor Davies is ranked as number 36 in Accounting Today's 2013 "Top 100 Firms" in the United States. The Firm is also within the 20 largest accounting firms in the New York Metropolitan area according to Crain's New York Business and the Westchester and Fairfield County Business Journals. OConnor Davies, LLP is a member firm of the PKF International Limited network of legally independent firms and does not accept any responsibility or liability for the actions or inactions on the part of any other individual member firm or firms. IRS CIRCULAR 230 DISCLOSURE: To comply with IRS regulations, we are required to inform you that unless expressly stated otherwise, any discussion of U.S. federal tax issues in this correspondence (including any attachments) is not intended or written to be used, and cannot be used, (i) to avoid any penalties imposed under the Internal Revenue Code, or (ii) to promote, market, or recommend to another party any transaction or matter addressed herein. Our firm provides the information in this enewsletter for general guidance only, and it does not constitute the provision of legal advice, tax advice, accounting services, investment advice, or professional consulting of any kind.