New online backup requirements for healthcare providers can have an impact on other businesses.

HIPAA deadline provides no guarantee of compliance with data storage rules

Stephen Perkins

The revised Health Insurance Portability and Accountability Act (HIPAA) took effect Sept. 23, but there is no guarantee that all healthcare providers will comply with its online data backup rules.

The HIPAA Omnibus Rule updates a law that first went into effect in 1996 and requires that private health information be moved to cloud backup in order to improve security and access to data. Changes mandated by the 2009 update are expected to alter the way medical professionals, business associates and subcontractors manage data security. Under the new guidelines, fines for data breaches can exceed $1 million.

Companies that are not in compliance may have to show the U.S. Department of Health and Human Services that they are working on a plan to get in line with the rules by migrating to offsite backup. Even if they are working on a compliance plan, healthcare providers that have not come on board with the regulations may be endangering patient records, Mahmood Sher-Jan, vice president of product management at ID Experts, told The Wall Street Journal.

"It just shows a culture of lack of compliance," Sher-Jan said. "In our experience, there is nothing worse than for HHS to see a total ignoring of their guidelines and guidance … If an organization is out of compliance in some capacity, they could suffer the consequences. It is far cheaper to put in plans than it will be trying to hope you will not get discovered."

Responsibility for data breaches will now be shared by a number of entities under the law's broadened security umbrella, and those entities can be fined accordingly if a breach is discovered to have compromised patient records. Firms that could be impacted by a security problem in a healthcare provider's data backup system could include janitorial services, software developers and other third-party organizations that have access to protected health information, according to Human Resources Executive Online. Companies that provide their own healthcare coverage for their employees also could be subject to fines.
