A digital tool recently released by federal regulators will make compliance with data-security provisions of the Health Insurance Portability and Accountability Act far easier for smaller businesses. The software is geared toward modestly sized providers, insurers and clearinghouses, as well as their business associates, that often lack the expertise to perform HIPAA's mandatory assessment of risks to the confidentiality of electronic health information in their possession. As one indication of how daunting that assessment can be, even the digital tool — intended as a simplified way to account for risks — asks more than 150 questions about company practices and when printed out includes various considerations that span almost 400 pages. In this Law360 article, Alisa Chestler discusses the complexity of this new tool.
"This is not a thing a provider can sit down in three hours and finish — there will be a lot of starts and stops," Ms. Chestler said.
Read the Article