The Health Information Technology for Economic and Clinical Heath (HITECH) Act significantly modified their rules, which will impact numerous healthcare organizations.
The HITECH Act became effective on February 18, 2009 to promote the adoption and meaningful use of health information technology. However, privacy became a concern and the HITECH met to established four categories of violations with a maximum penalty amount of $1.5 million for all violators who misuse the information.
Now, the Office for Civil Rights of the Department of Health and Human Services (OCR) has issued regulations requiring Covered Entities and Business Associates to comply with the security breach notifications.
The OCR has also proposed revisions to the HIPAA Privacy and Security Rules to implement various additional changes. These changes will subject Business Associates and their subcontractors to the same potential civil and criminal penalties for non-compliant healthcare companies.
Rick Hindmand, a member of the Chicago office of law firm McDonald Hopkins LLC said red tape has made it difficult to move this process along. “There is no question that these ongoing delays make it difficult to set information security investment priorities and to implement appropriate systems, policies, and procedures,” Hindmand told The Sacramento Bee.
Hindmand said there are incentives and preparation is key and could begin right away. “Even so, healthcare organizations and their business associates and subcontractors can take various actions to prepare for the final HIPAA rule modifications,” said Hindmand.
The ORC said they expected to issue final regulations later this year, but as Hindmand said there has been numerous delays, which have essentially, pushed back the final ruling regarding the changes.
Nav Ranajee, director of CoreLink’s Healthcare IT Vertical, told The Sacramento Bee, that all parties involved need to come together to eliminate security risks. “Irrespective of HITECH regulations’ final form, all responsible parties must be prepared to take specific steps including performing a risk analysis to spot potential HIPAA security gaps,” said Ranajee.
Ranajee said there are cost effective options for healthcare organizations wanting to meet the new HIPAA standards.
Edited by
Jennifer Russell
