The federal government recently passed significant revisions to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These revisions, called the HITECH Act, require both Covered Entities (health care providers that conduct transactions of protected health information (PHI) in electronic format) and Business Associates (entities that perform a function or provide a service involving the use of PHI) to report any breaches of unsecured PHI.
Depending on the severity of a breach, Covered Entities or Business Associates may be required to notify the individual whose PHI was leaked, the Secretary of the Department of Health and Human Services, and the media. In other words, there’s a lot to know and for many health care industry service providers, parsing through the statute and rules to understand these notification requirements is a daunting and time-consuming task.
The HITECH Guide dissects the statute and rules and breaks the requirements down into language aimed at business owners and IT professionals. The Guide includes definition of a breach, breach notification requirements, and a recommended procedure in the event of a breach.
Source: Scott & Scott LLP
Related Posts
A balancing act: Consumer control and EHR security- Free webiner explores protection of patient records
- OCR reaches seven-figure HIPAA settlement over stolen device
- Proposed HIPAA rule may make safeguards more strict
- Proposal for patients’ private rules
- New HIPAA regulations go into effect February 17
