OnRamp Explains the Legal Landscape Surrounding the HIPAA Omnibus Rule at Austin HIMSS Luncheon

Mar 22, 2013 | IT

March 22, 2013 – AUSTIN, TX – OnRamp, a data center operations company headquartered in Austin, TX, announces that company founder Chad Kissinger will be the featured speaker at the Austin HIMSS Chapter Luncheon on Tuesday, April 9, 2013.  Kissinger will speak about the recent changes to the Health Insurance Portability and Accountability Act (HIPAA) provided in the Health and Human Services (HHS) Final Omnibus Rule, in a presentation entitled, “After the Omnibus Rule – Who Can Touch Your [Electronic Protected Health Information] (e-PHI): Using a 3rd Party Vendor to Outsource Your e-PHI.” Kissinger’s discussion will chronicle the legal structure established for protecting the privacy of critical healthcare data preceding the Health Information Technology for Economic and Clinical Health Act (HITECH), to the present standards defined by the Final Omnibus Rule.

OnRamp is addressing the recent surge in HIPAA compliance violations with hosting solutions that meet the privacy and security standards defined by the HIPAA and HITECH laws. OnRamp’s HIPAA Compliant Hosting solutions are rooted in the data center operations company’s highly secure managed hosting, cloud computing and colocation services. OnRamp uses a 3-Step HIPAA Risk Assessment to diagnose, assess and manage any threats, vulnerabilities and risks to the IT structure of covered entities.

Kissinger has been a driving force in developing OnRamp’s offering and serves as the company’s lead advisor on the subject matter. “With the recent enactment of the New Final Omnibus Rule, HHS has clarified the responsibilities of covered entities, business associates and their agents, with specific emphasis on the role of IT vendors,” stated Kissinger. “The conduit exception is no longer sufficient for relieving the responsibility of business associates who have persistent access to PHI, and establishes direct liability with or without a Business Associate Agreement (BAA). Pressure is also added to covered entities that are now liable for the penalties or mistakes of their business associates and agents.”

The Final Omnibus Rule, which will go into effect on March 26th, 2013, has garnered attention throughout the healthcare industry for the impact it is expected to have on businesses that are unable to come into compliance. At the Austin HIMSS March luncheon, Mac McMillian, CEO of CynergisTek, Inc. and Chair of the HIMSS Privacy & Security Policy Task Force, detailed the HIPAA enforcement landscape and cautioned any business that comes in contact with e-PHI to take the necessary precautions to uphold the laws set forth by HIPAA. McMillian noted that, “since the Breach Notification Rule was issued in [the] fall of 2009 there have been over 80,000 breaches, compromising nearly 22 million patient health records.” These breaches accounted for billions of dollars in fines. McMillian believes the Office of Civil Rights (OCR) has the “latitude to directly investigate business associates for breaches” and will likely begin to do so. With a compliance date set for September 23, 2013, many businesses are making systematic changes to ensure their relationships are detailed in BAAs, and taking the appropriate measures to mitigate the risks associated with breaches of critical healthcare data.

While the focus of Kissinger’s presentation will center on the role data storage companies play in protecting e-PHI, the same principles are applicable to all businesses that are deemed business associates, or agents thereof, by law. The presentation will emphasize the importance for covered entities to seek out relationships with 3rd party vendors, and particularly IT vendors, who both understand the law, as outlined by HIPAA and HITECH, and are making a conscientious effort to achieve compliance under these laws. OnRamp then works with the covered entities and business associates that come in contact with patient data to design and implement systems and applications to build a fully compliant solution that addresses the confidentiality, the availability and the integrity of electronic protected health information (e-PHI).

More http://onr.com
