Hospitals, health plan sponsors, health care providers, and their vendors need to act immediately to appropriate the new rules introduced by the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH (enacted as part of the American Recovery and Reinvestment Act of 2009) makes significant changes to HIPAA, including changes that make subservient various vendors directly to privacy and security requirements and require notice to individuals whose information is affected by a breach of privacy.
By February 17, 2010, health plan sponsors and health care providers should review and update their HIPAA forms to comply with the HITECH rules concerning such things as:
- Internal policies and procedures
- Notice of privacy practices
- HIPAA plan amendments
- Agreements with vendors (business associates) who handle individually identifiable health information
Business associates under HIPAA will, for the first time, be directly subject to a number of HIPAA’s privacy requirements and virtually all of its security requirements. If your organism is a covered business associate, you will need to make sure that you have the necessary documentation in place to comply with the applicable rules and designate a Security Official.
On February 22, 2010, the new HITECH Act breach notification requirements become enforceable. Hospitals, health plans, health care providers, and business associates will need to be alert for potential data breaches. Each may be required to act immediately in the event of a crack that ultimately requires notice to affected individuals, the U.S. Department of Health and Human Services, and, on the supposition that the breach impacts 500 or more people, local media.
All organizations covered by the new regulations will need to make sure that appropriate procedures are in lay before breaches be met with to allow enough time to investigate that breach and produce and deliver appropriate notices within the prescribed period. Training for relevant members of the workforce is also required.
For more information on the HITECH Act, organizations are encouraged to call Identity Force at 1-877-IDFORCE, or to visit our Web site at www.identityforce.com.
Similar Posts:
- Confusing and Ineffective Data Breach Regulations Cause Problems for Both Businesses and Consumers
- New Healthcare Data Breach Solution
- McAfees 10 Tips To Secure New Devices and Guard Against Cybercrime in 2011
- 1.9 Million Affected by Health Net Data Breach
- Data Breach Act in Congress
no comment until now