Kathy Kudner Offers Perspective on Small and Non-Healthcare Organizations’ HIPAA Needs

In a two-part series, published in EHR Intelligence/Health IT Security, a leading online source for news and information on the Health IT Security industry, Kathrin E. Kudner, Ann Arbor-based member in Dykema’s Health Care practice, offers her insights into what small businesses and non-healthcare companies should be doing to accommodate the new omnibus regulations created by the enactment of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

In the first installment of this series (published September 4, 2013), Kudner observes that while large hospitals are fairly astute and understand HIPAA well, many smaller healthcare providers (such as physician groups, hospices, nursing homes and home health organizations) as well as non-healthcare clients (such as banks or other conduit organizations) have lots of questions regarding the new regulations. For many of these enterprises, the biggest new learning is that now—rather than just a privacy policy and security policy—there need to be “a number of policies” that cover a wide range of issues: from breach notifications to marketing, protected health information (PHI) sales to using genetic information.

In the second part of the interview (published September 9, 2013), Kudner outlines the many tasks that companies who wish to adhere to HIPAA guidelines must follow.  She notes that Dykema has developed a HIPAA preparation checklist that clients have found to be a helpful guide. Kudner also observes that the firm can provide clients a security risk analysis that can be completed either with the client’s internal IT department or its outside IT supplier.