The federal government recently passed significant revisions to the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These revisions, called the HITECH Act, require both Covered Entities (health care providers that conduct transactions of protected health information (PHI) in electronic format) and Business Associates (entities that perform a function or provide a service involving the use of PHI) to report any breaches of unsecured PHI.
Depending on the severity of a breach, Covered Entities or Business Associates may be required to notify the individual whose PHI was leaked, the Secretary of the Department of Health and Human Services, and the media. In other words, there’s a lot to know, and for many health care industry service providers, parsing the statute and rules to understand these notification requirements is a daunting and time-consuming task.
The HITECH Guide dissects the statute and rules and breaks the requirements down into language aimed at business owners and IT professionals. The Guide includes a definition of a breach, the breach notification requirements, and a recommended procedure to follow in the event of a breach.
Source: Scott & Scott LLP