Tim Trow, MSIA student
The Health Information Technology for Economic and Clinical Health Act, more commonly known as the HITECH Act, is part of the American Recovery and Reinvestment Act of 2009. This act appears to put some teeth into the HIPAA regulation of 1996. The HITECH Act provides general and specific incentives for health organizations to adopt electronic health record (EHR) systems. With these incentives also come increased privacy and security protections for consumers and potentially increased liability for those that are not in compliance.
There are three main components to the new HITECH Act. They include:
1. Enforcement: Civil penalties have been increased under the new act. These penalties can exceed $250,000, with repeat violations extending to $1.5 million. The new act also allows a state attorney general to bring an action on behalf of the state's residents. Also, HHS is now required to conduct periodic audits of covered entities and business associates.
2. Notification of breach: HITECH now imposes data breach notification requirements for unauthorized uses and disclosures of PHI. These are similar to the existing state data breach laws. This underlines the importance of the new act and how it responds to privacy and security concerns with regard to the protection and reporting of known breaches of PII.
3. Business associates: Under the HITECH Act, business associates are now directly "on the compliance hook" since they are required to comply with the safeguards contained in the Security Rule. Most software vendors providing EHR systems will most likely qualify as business associates.
Companies and health providers should take a serious look at their current status with regard to HIPAA and, more specifically, the new HITECH Act. There are some great incentives for health organizations that decide to comply with the new HITECH Act. Health providers can start by performing a gap assessment of their current environment in relation to HIPAA regulations and the HITECH Act. A gap assessment will provide a roadmap to address any deficiencies and should also include an evaluation of the current information security program, which should address the three key components outlined above. A third-party business associate program should be outlined to address and manage your key business partners. In addition, a formal data breach policy and process need to be developed and supported by the organization’s leadership team. Lastly, legal and executive management need to understand the consequences and risk associated with not complying with HIPAA and the new HITECH Act.
Last week’s Quiz Question
Question: What is the statue on the top of the Vermont state capitol dome?
Answer: Agriculture (or Ceres)
Winner: Scott Madden
This week’s quiz question
What fact about South Hall makes it unique among Norwich University buildings?
Past winners
Andrey N. Chernyaev: 5 wins
Matt Bambrick: 3 wins
Dianne Tarpy: 2 wins
Bill Lampe: 2 wins
Scott Madden: 2 wins
Sam Moore
Autumn Crossett
Gil Varney, Jr.
Glen Calvo
Thomas Reardon
Sherryl Fraser
Srinivas Chandrasekar
Marc Ariano
Linda Rosa
Joanna D'Aquanni
Srinivas Bedre
Christian Sandy
Joseph Puchalski
Ken Desforges
Tim....ROCKS!!!