Ensure HIPAA Omnibus Compliance with a Vendor Management System
Health care frauds and scams are a multimillion-dollar industry, with fraudsters devising new strategies and
employing sophisticated techniques to dupe hapless patients. Even though health care fraud directly affects half of
the population, its impact is felt indirectly by every single American. According to the FBI, health care fraud costs the
country an estimated $80 billion a year. This results in increased healthcare and insurance costs.
With health care fraud showing no sign of abating, the federal government decided to act tough and enacted
the HIPAA (Health Insurance Portability and Accountability Act) and the HITECH (Health Information Technology
for Economic and Clinical Health) acts.
The HIPAA rule applies to all doctors, dentists, chiropractors, nurses, psychologists and other professionals
including covered entities such as health plans, health care clearinghouses and certain health care providers.
In practice, however, covered entities seek the help of third-party vendors and businesses, collectively known as
‘business associates’, to perform various healthcare activities. Hence, the HIPAA rule made it
mandatory for covered entities to obtain assurances from business associates that they would ensure the
privacy of the protected health information that they create or receive.
In order to strengthen the rule further, the federal government brought in new changes to the HIPAA rule enacted
over 15 years ago. The new HIPAA omnibus rule “greatly enhances a patient’s privacy protections, provides
individuals new rights to their health information, and strengthens the government’s ability to enforce the law.”
One of the noteworthy changes is that business associates of covered entities have been made “directly liable for
compliance with certain of the HIPAA Privacy and Security Rules' requirements.”
With healthcare practitioners and providers having until Sept 23, 2013 to comply with the HIPAA omnibus
rule, a vendor management system can help hospitals and physicians ensure HIPAA omnibus compliance. A
vendor management system helps to automate the security and compliance management process for all external
vendors and subcontractors. This allows an enterprise to know how far vendors and business associates have
progressed in their compliance efforts. The vendor management program provides complete visibility and control
over the security and compliance posture of all vendors.
Since the omnibus rule, which came into effect on March 26, 2013, includes harsher penalties for
non-compliance, for instance, monetary penalties up to $1.5 million per incident (with no upper limit), business
associates of any covered entity need to ensure compliance with the HIPAA omnibus final rule at any cost.