It is no longer sufficient to simply have a compliance program. Today’s federal enforcement landscape places demands on Privacy and Compliance Officers that were not envisioned in prior years. For example, a more expansive application of HIPAA now includes severe penalties of up to $1.5 million for violations of the same HIPAA provision within a calendar year. Also, under the Omnibus Final Rule, covered health organizations can be liable for business associates that violate privacy rules under HIPAA or the HITECH Act. Increased responsibilities of Compliance Officers reasonably include:
- Internal Audits of Privacy, Security and Data Transfer Policies and Procedures
- Review of Potential Data Transmission Vulnerabilities
- Oversight of Business Associate Relationships and Business Associate Agreements
- Management of Training and Educational Programs on privacy and security requirements under HIPAA and HITECH
- Overseeing Enforcement of HIPAA and HITECH policies and procedures
Unfortunately, the responsibilities resulting from the Final Rule under HIPAA are in addition to the time required for proper review, analysis and compliance enforcement of rules concerning EMTALA, Fraud, Waste and Abuse, the False Claims Act, Stark, the Anti-Kickback statute, Conflict of Interest policies and other regulatory requirements. For this reason, health organizations should explore cost-effective alternatives such as outsourcing compliance needs to legal consultants. The advantages of outsourcing compliance include not only cost efficiency but also the ability to protect sensitive client communications through the attorney/client privilege. Legal compliance firms are better equipped to provide the evaluation and training required under constantly changing regulations such as HIPAA. For more information regarding HIPAA and HITECH, please contact our legal compliance firm at info@scottpractice.com.