HITECH law and HIPAA

Strengthen your HIPAA compliance and training programs; prepare for new laws under the American Recovery and Reinvestment Act of 2009

"Health Information Technology for Economic and Clinical Health Act" or the "HITECH Act."

The HITECH Act makes business associates de facto covered entities.

Business associates that have not been subject to HIPAA before must become familiar with the new changes in the HITECH Act or risk becoming inadvertently non-compliant and subject to stiff penalties.

What do business associates need to do?

1. Companies should review and amend their existing policies and procedures.
2. Train staff members regarding the new changes.
3. Evaluate IT and encryption capabilities.
4. Business associates must comply with the Security Rule, including developing and implementing written security policies and procedures with respect to the electronic PHI they handle.
5. Business associates should ensure that the electronic PHI they transmit is encrypted.
6. Consider appointing someone as a privacy and security officer who will coordinate HIPAA compliance.
7. Maintain a breach log for breaches involving fewer than 500 individuals.
8. Notify the HHS secretary immediately of a breach that involves more than 500 people.

Civil and criminal penalties for violating those standards directly apply to business associates.

Civil penalties for HIPAA violations have increased to a range of $100 to $50,000 per violation, with maximum penalties for additional violations in any one year ranging from $25,000 to $1,500,000.

Business associates are now on notice that HHS is not just authorized, but is required to conduct compliance audits of covered entities and business associates.

1) Understand the Recovery Act: The American Recovery and Reinvestment Act of 2009 became federal law on February 17th, 2009.

It includes provisions for heightened enforcement of HIPAA and stiffer penalties for privacy and security violations.

Civil and criminal penalties apply to business associates.

2) Conduct Risk Analysis: Analyze your current system and determine where additional privacy and security controls, policies and procedures apply.

3) Revisit your BA contracts

4) Document your uses, disclosures, and storage of PHI
