The U.S. Department of Health and Human Services has released the final omnibus rule to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996.

In today's electronic world, access to critical data is paramount criteria for success. Physicians and nurses need access to patient's records to ensure proper delivery of care. Too many restrictions or complicated access methodologies to internal systems can have potentially catastrophic and life-altering consequences.

This article is written by Michael J. Sacopulos is the CEO of Medical Risk Institute (MRI) MRI seeks to reduce liability exposures faced by healthcare providers.

You may be playing a high tech game of Russian Roulette with your practice and not even know it. The past several years have seen a growth of claims against providers for the accidental release of patients' private health information. Whether a system is hacked by Eastern European criminals or a laptop is left on a metro train, the consequences for both patient and provider can be expensive. The days of warnings and remedial action plans have been replaced with a new era of fines and penalties for this privacy breaches.

HHS has released a protocol for its Health Insurance Portability and Accountability Act audit program.

KPMG, a national consulting services firm, will conduct 150 audits of healthcare organizations in order to provide the HHS Office of Civil Rights with information on common gaps in the security of protected health information, according to a Health Data Management report.

Under the HIPAA security rule, text messaging should be addressed as part of an organization's comprehensive risk analysis and management strategy, especially if text messages are used to make decisions about patient care, according to a report in the Journal of AHIMA.

To say that the medical community has noticed a change in the government's enforcement stance regarding HIPAA violations would be quite an understatement. Examples of cringe-worthy behavior by providers are becoming legion. In addition to the now near-famous case involving Westerly Hospital in Rhode Island and Alexandra Thran, MD, news reports of physicians discussing patient cases on Facebook, nurses posting "humorous" X-rays on-line and medical personnel "friending" patients, similar incidents are disturbingly common. HHS investigations into this type of behavior represent a sea-change in the nature of HIPAA compliance — from one of education and the handling of paper records, to one of enforcement and the security of electronic media — and a change that should have CIOs, general counsels and compliance directors taking notice. Failure to proactively address these issues could land health systems in perilous waters, in the local media or even as the lead story on 60 Minutes.