The New HIPAA Regulations and the Changes for PHI Breach Reporting

Though the new HIPAA regulations presented in the Final Omnibus Rule of 2013 didn’t change much of the current HIPAA Security and Privacy Rules, there are substantial effects for covered entities that did not take action to avoid the unauthorized Protected Health Information (PHI) disclosure.

While in the past, covered entities could opt not to report PHI breaches when the risk of damage to a patient´s reputation or resources is low, the new HIPAA regulations state that all PHI breaches should now have reports submitted to the Office for Civil Rights (OCR) except if a documented process is done that justifies not reporting the data breach.

The documented process must show that there was a small risk of damage to the patient because of the type of PHI that was exposed or because of the entity to whom it was exposed. When several identifying elements are exposed, or the individual to whom it was exposed is not known, HIPAA-regulated entities should report the security incident to the OCR, except if it could be confirmed that the PHI breach didn’t bring about an unauthorized disclosure, or the possibility of damage to a patient was mitigated by the deletion of the exposed PHI.

Apart from the modified requirements for reporting PHI breaches to the OCR, the new HIPAA regulations put higher fines for non-compliance with the HIPAA Security and Privacy Regulations. The extra income is allotted for better enforcement of HIPAA. Immediately following the introduction of the new HIPAA regulations, it was published that the OCR would be doing a series of audits, a disquieting issue for any regulated entity that still has not taken action to stop the unauthorized PHI disclosure.

How to Prevent Data Breaches Through Safe Messaging

Instead of finding ways to not submit data breach reports to the OCR, a covered entity should try its best to prevent data breaches entirely. Research shows that the main reasons for the unauthorized exposure of PHI involve the stealing of laptop computers, mobile gadgets, and USB Flash drives accounting for about 50% of all PHI breaches. As a result, these risks of danger to a patient´s reputation or resources need to be the first to be taken care of.

A good option for accomplishing this purpose is safe messaging. Use a communications system that safeguards the confidentiality of PHI and stops unauthorized access to PHI by keeping PHI inside a private system. Protected messaging is an excellent and HIPAA-compliant option for email messages and text messages, as safety measures exist to stop PHI from being stored on a user´s gadget or a USB Flash drive.

Safe messaging likewise limits PHI access to authorized end users, who can then send encrypted PHI to other approved users through safe messaging applications. The secure messaging applications work on all OS’s and gadgets so approved users have the same speed and ease of today’s technology while they presently like utilizing personal mobile gadgets to complement their work.

All actions on the protected messaging network is tracked to ensure compliance with the new HIPAA regulations and the secure messaging guidelines that are applied to back them up. When a laptop computer or Smartphone, where a message that contains PHI is sent is compromised, administrators can remotely erase all PHI and PIN-lock the application to stop the unauthorized exposure of PHI.

The Advantages of Secure Messaging

The systems built into secure messaging platforms to guarantee 100% message reliability have led to a substantial speed of the communications period in healthcare companies. Phone tag is almost removed in numerous healthcare companies that have integrated a safe messaging option to conform to the new HIPAA regulations, leading to greater productivity among medical companies.

The group messaging system on the secure messaging applications was discovered to encourage cooperation between healthcare companies, as well as speed up patient admissions and hospital discharges. This saves medical facilities over $500,000 annually. Studies into the cost of running a secure messaging program have likewise shown that safe messaging is more affordable by up to 40% than optional, unsecure programs of communication.

Aside from lowering costs, raising employees’ efficiency, and assisting healthcare companies to adhere to the new HIPAA regulations, secure messaging apps have likewise been advantageous to patients. Based on a 2015 research by the Tepper School of Business of the Carnegie Mellon University, patient protection concerns have decreased by 27% and medicine mistakes decreased by 30% when a safe messaging program is integrated into healthcare companies’ EMRs.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at