HIPAA HITECH

As part of the American Recovery & Reinvestment Act of 2009 (ARRA) that was enacted in February 2009, President Obama signed into law the Health Information Technology for Economic & Clinical Health Act (HITECH). HITECH makes significant changes to the HIPAA privacy and security laws. These changes will impact KaMMCO members as they access, use and disclose protected health information (PHI). Compliance with many HITECH requirements must occur by February 2010. One of the new requirements involving notification to individuals in the event of a breach of privacy regarding unsecured PHI is effective September 23, 2009. 

On August 24, 2009, the U.S. Department of Health and Human Services (HHS) issued the Interim Final Rule regarding “Breach Notification for Unsecured Protected Health Information” as it relates to HITECH. The new Breach Notification Regulations are effective for breaches occurring on or after September 23, 2009. The HITECH Act requires notification to individuals in the event of a breach of the security or the privacy of unsecured protected health information. Unsecured protected health information is defined in the Act as protected health information that is not secured through technology or methodology specified by the Secretary of Health and Human Services in the guidance. (For guidance see http://www.hhs.gov/ocr/privacy and access link on right side to “HITECH Breach Notification Interim Final Rule,” then scroll to bottom to access the link entitled “View the Breach Notification Interim Final Regulation.”)

KaMMCO realizes members may need assistance complying with HITECH, as the new requirements will likely affect every aspect of operations. Based on these changes, KaMMCO will provide a series of articles that look at the major components of HITECH. For example, HITECH includes new provisions regarding the content, methods and timing of notification to individuals in the event of an unauthorized disclosure of unsecured PHI. The first article in the series by KaMMCO will outline the breach notification process. In addition, a covered entity CHECKLIST with steps to follow to update your privacy and security policies accordingly is posted here (click on the word CHECKLIST). Our intent is to provide helpful insight into HITECH’s impact on your operations and give members fundamental knowledge and understanding of the basic compliance requirements under HITECH.

Topics covered in the six-part series are:
HITECH Part I     Notification Process of Breach of Unsecured PHI
HITECH Part II    Granting Individual’s Request to Limit Disclosures of PHI in Some Cases
HITECH Part III   Increased Accounting Obligations if Covered Entities Use Electronic Health Records
HITECH Part IV    Covered Entities Must Make Accounting Available to Individual in Electronic Format
HITECH Part V     Covered Entities Cannot Get Remuneration for PHI
HITECH Part VI    Limitations on Marketing
At right, simply click on the Part that you wish to review.

SAMPLE BUSINESS ASSOCIATE AGREEMENT Form  
