On August 9, The Legal Intelligencer published Christopher E. Ezold’s article on data security compliance as it applies to the biotech industry.
In 2013, the federal Department of Health and Human Services (HHS) issued final omnibus amendments to regulations arising under the Health Insurance Portability and Accountability Act (HIPAA). The omnibus rules implemented privacy and security provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act. The omnibus rules imposed a new and significant compliance burden, widened the scope of those burdened with compliance and provided for large penalties for noncompliance—something new under HIPAA. Although HITECH and HHS’ omnibus rules had been a long time coming, many affected entities took a “wait and see” approach to compliance. For some, budgets were not prepared for compliance; others did not believe that there was significant risk of a breach. Worse, some believed that the risk of getting caught was insignificant in light of the cost and burden of compliance.