If you haven’t been paying attention, now is a good time to start. The recently passed American Recovery and Reinvestment Act of 2009 adds stunning, strict new provisions to the already-stringent federal health care legislation, HIPAA. In particular, the changes include:
- Serious ramifications for business associates, or organizations that have signed agreements with health care organizations to handle patient data. Business Associates are now directly subject to the HIPAA Privacy and Security rule, and must implement all the safeguards employed by fully covered entities. The agreements themselves must be revised, a significant effort for most medium to large sized health care organizations.
- New data breach notification requirements. Any protected health information (PHI) that has been compromised (accessed or disclosed, essentially) and is not encrypted must be disclosed to the affected individual and the Department of Health and Human Services. Breaches affecting 500 or more individuals must also be reported to the media.
- Increased enforcement and auditing abilities. The DHHS will now be required to perform a formal investigation if a HIPAA complaint is received. Penalties for violations are also increased.
- Accounting for treatment, payment, and health care operations for patients that request it. This might seem innocuous on the surface, but most large health care institutions face significant challenges with understanding full footprint of a patient’s health record. The change will create significant administrative burdens, new technical projects, and serious revisions to policies and procedures within and outside of IT.
These changes seem to have taken the compliance industry by surprise. Few blogs, even those focused on HIPAA, have any analysis. At the time of this writing, Wikipedia neglects to mention the HITECH Act section of the stimulus package that includes the sweeping changes (only a vague $19 billion reference to “health information technology”). This article covers the changes in some detail. In depth analysis here.
![[Slashdot]](/wp-content/plugins/slashdot.ico){kind=small}
![[Digg]](/wp-content/plugins/digg.ico){kind=small}
![[Reddit]](/wp-content/plugins/reddit.ico){kind=small}
![[del.icio.us]](/wp-content/plugins/delicious.gif){kind=small}
![[Technorati]](/wp-content/plugins/technorati.ico){kind=small}
![[StumbleUpon]](/wp-content/plugins/stumbleupon.ico){kind=small}
Leave a Comment