HIPAA Security and HITECH

Resources to understand expansion of HIPAA under HITECH Act

The American Recovery and Reinvestment Act of 2009 was signed in February of 2009. A portion of the bill created  included the HITECH Act.  The HITECH Act as we all know provides Medicare and Medicaid incentives for hospitals and physicians to adopt certified electronic health records (EHRs). The act also substantially expands the HIPAA Privacy and Security Rules and increases the penalties for HIPAA violations. HIPAA privacy and security are also required in two objectives for Eligible Professionals in Stage 1 Meaningful Use.

To help you gain a greater understanding we’ve listed some resources to explore:

ONC’s Office of the Chief Privacy Officer (OCPO) has released a new guide for providers and their staff to help understand HIPAA  privacy and security when it comes to electronic health records (EHRs) and meaningful use. “Guide to Privacy and Security of Health Information” is a comprehensive tool assisting professionals in integrating privacy and security into their practices.

The National Institute of Standards and Technology (NIST) operates as part of the U.S. Department of Commerce and provides “An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (SP 800-66 Revision 1)”.  You can download this guide here.

We recently focused on HIPAA Security and Privacy on our weekly internet radio show The EHR Zone.  You can listen to two recent podcasts:

4/25/12: EHR and HIPAA Security

4/11/12: HIPAA Privacy Issues

Finally, you can download these three new white papers we’ve added to the site:

2012 HIPAA Audits: Will the Past Predict the Future?
This white paper reviews agency audit and other enforcement activities from 2003 to 2011, identifies what is known about the 2012 audits, and extracts some insights from the historic agency audit and enforcement activities. Read more…

Preparing for HIPAA Security Rule Again; now, with Teeth from the HITECH Act
This white paper looks at how the HITECH Act of 2009  significantly modified and strengthened many aspects of the HIPAA Security Rule, including the penalties that the HHS could impose for violations of the HIPAA rules. Read more…

HIPAA Security Final Rule and Data Backup Implementation
This white paper sets the record straight on a very specific aspect of the HIPAA Security Final Rule – the Data Backup and Disaster Recovery Implementation Specifications within the Contingency Plan Standard. Read more…