Helping small providers boost HIPAA awareness remains "a work in progress," Devin Jopp, president and CEO of the Workgroup for Electronic Data Interchange (WEDI), told Health IT Security.
He said the organization works with small providers to help them understand their responsibilities and which incidents are considered breaches. Much of that work involves making technical material easier to understand and explaining the risks involved with using protected health information on mobile devices.
"Organizations have to ask what that delivery means for existing policies and procedures and whether what they have in place is adequate and sufficient to protect the data as it moves into that new environment," he said.
He called mobile a "big game changer," adding that current regulations may need an update because they're desktop-based and may hinder practices in the future.
WEDI in February released a breach notification guide to help healthcare organizations determine when notification is required under the updated HIPAA Omnibus Rule. Jopp said in the interview that small providers still report incidents that do not rise to that level.
Yet they can't be too careful. A U.S. Department of Health and Human Services attorney recently said that the whopping fines issued by the Office for Civil Rights in its crackdown on HIPAA violations over the past year will "pale in comparison" to those coming in the next 12 months.
Meanwhile, the number of breaches on the HHS "wall of shame" has topped 1,000 since federal reporting was mandated in September 2009. The records of nearly 31.7 million people have been exposed.
To learn more:
- read the interview