As of September 23, companies are subject to new, stricter information privacy obligations under the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, Human Resource Executive reports.
The updated requirements are the largest number of changes made to federal privacy measures to date, the HR Executive’s Kecia Bal writes.
Companies outside the health care industry may be surprised to learn that they have compliance obligations under the new regulations. In addition, noncompliance penalties have increased, the article states.
Gunster attorney Bruce Lamb, leader of the firm’s health care law practice, tells HR Executive that the potential costs involved with a compliance violation means that human resource directors need to take another look at everyone they do business with – because they may be held liable for those business associates’ failure to comply. Plans, training and more must follow, he adds.
At this point, many businesses are likely not in compliance, Lamb says.
Read the entire article online: ‘Aggressive enforcement’ on privacy (Human Resource Executive Online, 9/23/13)
Related:
- Employers: HIPAA privacy rules may apply to you, too (Gunster’s Boardroom Brief, 9/24/13)
- Employers, are you a covered entity under HIPAA? (Gunster.com Newsletters & Alerts, 9/18/13)
