ISO 27001 | SSAE 18 SOC 2 Certified Sales: 317.275.0021 NOC: 317.275.0001
Data Centers and the HIPAA Final Omnibus Rule of 2013
In January 2013, the United States Department of Health and Human Services (HHS) made a series of relevant changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
HIPAA is primarily in force to enhance the integrity and confidentiality of Protected Health Information in the wake of serious breaches. Today, even one breach could attract severe penalties to the tune of millions of dollars.
Data centers are among those bodies that deal with electronic data related to health and other personal as well as financial information of the nation’s Health and Human Services system.
The Act has been alive and well for more than fifteen years and has witnessed regular updates in provisions that have strengthened the Act itself or have offered increased enforcement and punishing rights to related agencies.
Key factors of the rule
A few key factors of the final omnibus rule in relation to data centers are listed below.
- Increased protection and control of ePHI
- Focus on health care providers and health data handlers
- Expansion of individual rights
- Use of related information for research and other purposes requires an individual’s sanction
- Influenced by the HITECH Act and GINA
- Prohibition of the sale of health info without permission
- Maximum penalty for every violation stands at $1.5 million
A HIPAA Compliant data center follows guidelines and procedures put forth by the final omnibus rule and ensures that they are adhered to.
The final omnibus rule and Data Centers
The final omnibus rule of HIPAA came into effect in January 2013. Health information and data is set to be protected even more ardently in an age where security breaches and leaking of data is a crucial threat.
Patient privacy and protection of health information disclosed by the patients, doctors or other relevant parties remains the onus of all parties involved, external agencies and business associates included. Therefore, as business associates handling sensitive health data, data centers need to ensure that their set procedures comply with the final omnibus rule, too.