While reviewing the 2013 changes to HIPAA, we came upon this interesting bit of economic impact analysis early in the document. The document presents a table called “Estimated Costs of the Final Rule”. Within this table, an estimated cost is given for Security Rule Compliance by Business Associates, expected to apply to between 200,000 and 400,000 business associates of covered entities that were not previously directly liable for HIPAA compliance. The table lists this estimated cost as between $22.6 million and $113 million. I believe this cost is not remotely realistic. Let’s do a little math to figure out these costs per organization. How about a best-case scenario, where we spend the least amount of money getting the largest number of[…]

In a press release issued last week, the U.S. Department of Health and Human Services (HHS) announced a long-awaited update to the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HHS Secretary Kathleen Sebelius gave the understatement of the year in the announcement: “Much has changed in health care since HIPAA was enacted over fifteen years ago…” Some of the most significant changes in health care have come as a result of the original requirements of HIPAA. Now everyone who has been to a medical professional is familiar with signing a consent form indicating they have seen a Notice of Privacy Practices. This update to HIPAA, which will go into effect on March 26, 2013, and require compliance by September 23, 2013, has a number of[…]