Will you be in Phoenix this weekend for NAID 2014? The annual conference held by the National Association for Information Destruction always promises an interesting lineup of speakers, events, and networking opportunities for those involved in all types of data destruction services. One of the hottest topics at this year’s conference is sure to be the U.S. Department of Health and Human Services’ most recent updates to the Health Insurance Portability and Accountability Act (HIPAA).

These changes, called the HIPPA Omnibus Final Rule, expanded the scope of HIPAA far beyond health care providers and insurance companies. Now, any organization that handles the private health information of individuals and their business associates (contractors and subcontractors, for example) must comply with the regulations of HIPAA. Vendors that handle data bearing assets and destroy data fall into the business associate category, and so it’s likely the topic of HIPAA compliance will come up frequently at NAID 2014—from speakers and in conversations among attendees.

Penalties for Noncompliance are Going Up

One major reason HIPAA compliance is on the slate for discussion at NAID 2014 is because the penalties for violations discovered during an audit and, in particular, for actual data breaches are increasing. In response to this increased risk, many companies are strengthening their information and asset management practices.

Where before they were hesitant to do so, some companies are now paying the additional cost for onsite physical destruction of hard drives and other media that may contain private health information. Another option they’re considering is onsite data wiping by an NAID-certified vendor. For some, this is the most cost-effective option, as it allows them to resell their used equipment without risking HIPAA noncompliance.

Who Will Be Talking About HIPAA at NAID 2014?

Let’s take a look at who will be talking about HIPAA in Phoenix this year:

• On Saturday, April 5, at 8 a.m., NAID CEO Bob Johnson will be leading a session entitled “The Regulator’s Perspective: HHS Discusses HIPAA Enforcement.” According to the event schedule, this session will include the perspective of a senior official from the HHS Office for Civil Rights (OCR) on what to expect concerning HIPAA enforcement and penalties in the coming months and years.
• On Sunday, April 6, at 11 a.m., Johnson will again lead a HIPAA discussion, this one entitled “Business Associate’s Survival Kit: Failsafe HIPAA Liability Controls and Strategies.” According to the event schedule, Johnson’s talk will touch on the increased liability that is being placed on service providers by health care companies. Johnson will discuss how HIPAA provides direction on where regulatory responsibilities lie and “failsafe measures that reduce the likelihood of a regulatory violation.”

Whether you’re attending NAID 2014 or not, now is a good time to revisit your company’s data destruction and asset management practices to ensure you’re fully compliant with the latest HIPAA rules. A NAID-certified vendor can help you understand the new regulations and help you choose the best data destruction options to manage cost and risk.