HIPAA Compliance Considerations in 2022


Things You Need to Consider About HIPAA Compliance

In 1996, a federal law was passed in the United States under President Bill Clinton to create security and privacy requirements for the handling of personal health information.

HIPAA Compliance

HIPAA requires that all covered entities, healthcare plans, and clearinghouses protect the confidentiality and security of protected health information. The term “protected health information” includes any individually identifiable health information transmitted or maintained in any form or media, including oral communication.

History of HIPAA

HIPAA was established to improve the security and privacy of health information following widely publicized data breaches, such as those that occurred when paper medical records were lost.

Covered entities under HIPAA must meet general privacy standards as well as specific ones relating to safeguarding health information. Covered entities must also follow a number of notification requirements in the event of a data breach.

Protecting the confidentiality and safety of sensitive information, such as medical data, is the primary purpose of HIPAA. Organizations that fall within HIPAA’s purview are obligated to adhere to a wide range of regulations and other pieces of law, including the Health Insurance Portability and Accountability Act (HIPAA) itself.

HIPAA Compliance Considerations in 2022

Many state health privacy offices may also be considering changes to their laws.

Updating the HIPAA rules is essential to protect patient privacy and to minimize the risks associated with human error and fraudulent activity.

Several fundamental changes will likely impact organizations pursuing HIPAA compliance in 2022.

Increased Right to Access Information

Covered entities now have a new obligation to facilitate an individual’s access to their health information, in addition to the initial rights granted to individuals by HIPAA. Those initial rights describe how covered entities may use and disclose health information and the purposes for which they may do so.

Once this right of access has been granted, individuals can request and obtain electronic copies of their medical records. Individuals must also be given access to their medical records as soon as possible. If a data breach occurs and the data is not in electronic format, the individual will be able to access it through other methods, such as paper copies.

Notification of Breaches

Covered entities must notify the Secretary of HHS (Secretary) and all affected individuals when protected health information is breached. This notification must be done within 60 days of discovery.

New Laws

The HITECH Act, passed into law in 2009, is another piece of legislation that firms falling under this mandate are required to consider. The Secretary of Health and Human Services has new enforcement powers under the HITECH Act. Under HIPAA alone, this authority was limited to monetary penalties and the loss of federal health plan business. With the HITECH Act, the Secretary has additional tools at their disposal, including civil money penalties, exclusion from federal health plan programs, and mandated corrective action plans.

New Technologies

HIPAA regulations make it more challenging to preserve the privacy and security of medical information, which is crucial to the operation of any healthcare organization. In recent years, many notable data breaches have occurred at hospitals, physicians’ offices, and pharmacies. HIPAA compliance is necessary for all healthcare organizations to ensure that their patients’ private information is protected.

Organizations are trying to handle their patients’ private information more successfully by implementing certain technologies. Patients’ medical records should be accessible in a centralized place, and the patient must first prove their identity before gaining access to these documents. PokitDok has worked with a broad range of healthcare organizations to implement this technology effectively.

HIPAA Compliance Through Blockchain

Several organizations are already attempting to implement this technology in order to be more compliant with HIPAA. For example, PokitDok, a company founded by Sean Murphy, uses blockchain technology to store medical records. Under this approach, a patient’s medical records are kept in a single location, and the patient must first verify their identity before accessing the data. PokitDok has collaborated with other healthcare organizations to put this technology to use.

Broadened Healthcare Operations Definition

The Omnibus Rule also adds a new definition for “healthcare operations” for the HIPAA regulations. Healthcare operations are defined as those activities that pertain to “the provisioning and management of health care and related services.” They do not include actions designed to improve the quality of care provided, reduce costs, or support research.

This type of advanced security helps ensure the safety and privacy of patient data if healthcare organizations are breached. Implementing blockchain technology is not a simple process; however, it can be effective if implemented correctly. Project management is a critical component of the success of any healthcare initiative, and healthcare organizations that wish to maintain their level of HIPAA compliance must start by understanding their current state. For more information regarding HIPAA, check out our blog.
