Though it dominated media coverage, COVID-19 wasn't the only silent enemy healthcare organizations battled in 2020. Amid the chaos of the pandemic, hospitals and health systems were also ravaged by health data breaches, which were up 30% in 2020 compared to 2019. A new trend emerged of at least two data breaches per day.

Covered Entities and Business Associates are well aware of the mandatory requirements of the HIPAA Security Rule and the HITECH Act, but until recently, there was limited specific guidance from HHS and OCR on how to comply with standards or what regulators viewed as appropriate compliance efforts. On January 5, 2021, HR 7898, commonly referred to as the HIPAA Safe Harbor Bill, was signed into law, amending the HITECH Act and providing some clarity for Covered Entities and Business Associates on industry best practices for security. The law requires HHS and OCR to provide certain incentives for best practice cybersecurity to meet HIPAA standards.

After the Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996, the U.S. Department of Health and Human services estimated health systems would spend about $113 million to achieve compliance — plus $14.5 million annually to remain in the green, Medical Economics reported in 2019. However, the actual yearly costs of HIPAA compliance for institutions may be closer to $8.3 billion.

Our team participates in the HCCA/SCCE Corporate Compliance & Ethics Week in honor of our clients—the healthcare compliance teams across the country that combine the power of artificial intelligence with their great expertise and leadership to ensure a culture of compliance throughout their organizations. These professionals ensure their institutions work efficiently, reduce risk, and maintain the trust of patients who seek care within their hospitals and health systems. Our team at Protenus will be celebrating these professionals in a number of ways throughout Corporate Compliance and Ethics Week.

Change—personal, professional, organizational—is always hard, whether it’s good or bad. Buying or selling a house, starting a new job, or having a baby: Whenever major changes occur, humans react with stress. So, too, the thought of “leaving your legacy behind”—going from a first-generation compliance program, which just a decade ago was a paradigm shift—is a tough, stressful decision. Those systems are rules-based, they still require labor-intensive review and analysis, and they still lead to many false-positive findings that ultimately cost time and money.