Check out Search Security’s article – “HIPAA Omnibus Rule, PPACA challenge enterprise compliance management”, where our own Natalie Kmit and the Information Security Summit 2013 are highlighted:
WELLESLEY, Mass. — For information security professionals, compliance-related tasks have often proved to be a trying yet necessary part of the job. However, Thursday at the MassBay Community College Information Security Summit, a panel of information security experts said new compliance mandates are making practitioners’ jobs even harder.
One thing I’ve learned is you can’t storm into the CIO’s office with a printout of legislation and say, ‘This is something we need to do.’
IT director of regulatory management and compliance, Fresenius Medical Care
During a discussion on compliance and risk management, Natalie Kmit, an IT security services consultant with Framingham, Mass.-based consultancy Towerwall Inc., said the most recent compliance game-changer is the new Health Insurance Portability and Accountability Act (HIPAA) Omnibus Rule. Released in January, the rule stipulates that as of Sept. 23, not only will more stringent requirements for “business associates” of HIPAA-compliant organizations take effect, but it will also require breach notification when a covered entity or business associate experiences an impermissible use or disclosure of protected health information.
Kmit said the HIPAA Omnibus Rule has broadened the definition of a business associate, encompassing a variety of subcontractor organizations that weren’t previously included. She said this has created more work for subcontractors, as well as for the covered entities managing them.
“Many of my clients are small and midsized businesses, and so it’s about finding a way to stay within budget to do what’s necessary,” Kmit said. “Even to understand the 563-page piece of legislation is, I would say, very challenging.”