HIPAA Hitech, and the Burden of Compliance: Outsourcing as a Solution for Entities Affected by HIPAA's Widening Reach

Abstract

The purpose of this white paper is to inform individuals and companies that they may be subject to complex federal patient privacy regimes. Federal laws regarding patient privacy have expanded greatly over the past two decades and the nature of enforcement for patient privacy violations has changed with them. These changes have resulted in an increased level of enforcement, and in significantly larger fines being imposed upon violators by the government agencies tasked with enforcement. Additionally, recent changes in the interpretation of these federal statutes have arguably increased the efficacy of private civil suits dramatically - by utilizing HIPAA as the standard for determining the duty of care owed to patients in negligence cases. The result of these converging factors is that a large number of the entities covered by federal statutes relating to patient privacy are unaware that they are subject to that legal regime. Simultaneously, all entities covered by these federal statutes are faced with an ever more stringent standard of compliance, and even larger civil and criminal penalties in the event of non-compliance. In addition to informing the reader about the expansion of federal patient privacy law and its impact upon businesses entities and attorneys, this paper proposes that one possible solution for entities presently affected by federal patient privacy legislation would be to utilize outsourced compliance solutions. These services would provide covered entities with the ability to maintain the ongoing compliance required by federal law, while potentially reducing the frequently dramatic increases in costs associated with compliance. This paper will first discuss the evolution of patient privacy rights in the United States. It will then discuss the modern patient privacy right framework under federal law - including the scope of the statutes, the evolution of enforcement of patient privacy rights, and how recent changes have made compliance essential for any affected entity. Finally, it will end by highlighting the benefits generally associated with outsourcing and discuss how they might be applied by entities affected by federal patient privacy statutes.