The general effective date for HITECH HIPAA provisions is February 17, 2010


The HIPAA HITECH Compliance Meter (tm)

The Compliance Meter (tm) displays the level of ongoing compliance for a facility needing to meet HIPAA HITECH Act privacy and security standards.


HIPAA HITECH Covered Entities Compliance Responsibilities



What are the responsibilities of a covered entity for their business associates' compliance?  Differences of opinion abound.



Denial is the first stage for many small covered entities and business associates when confronted with the HITECH Act. Finding the first small steps towards compliance is important. Getting started is crucial.


Business Associate Agreements

Business Associate Agreements are not enough!  Covered entities must have an active program for ensuring that their business associates are compliant.


Covered Entities Responsible for Business Associates


HITECH and Business Associates

By applying the same rules to business associates that formerly only applied to covered entities, HITECH has dramatically changed the playing field. First, a lot of business associates are unaware of these new requirements. I tried an experiment at a recent trade show by asking everyone I encountered what they knew about the HITECH Act and got a universal "blank stare" response. Secondly, many of the business associates do not have trained compliance, privacy, or security staff. And finally, because the covered entities have responsibility for their business associates, they need to demand a way of confirming that their business associates are in compliance on an ongoing basis.

All of this requires a rethinking of the compliance process. As experts at helping small healthcare entities attain and maintain accreditation, we see many similarities. The business associates need tools and trained experts to assist them in attaining and maintaining compliance, and then they need an ability to report this to their covered entities. Take a look at the demo at www.compliancehelper.com to see how this can be accomplished.


Stimulus Bill: Some Strings Attached

ARRA, or the Stimulus Bill, allocates $20 billion for expansion of the use of electronic medical records (EMR), but there are some new strings attached, namely the HITECH Act. This stands for Health Information Technology Economic and Clinical Health Act, which we will all gratefully call the HITECH Act. Essentially it raises the bar for protection of patient healthcare information (PHI), particularly for what are termed business associates.

Business associates are all the companies that do business with covered entities which possess PHI. Technically it is only those who might have access to PHI, but you can be sure that the covered entities will err on the side of caution because they are now responsible for their business associates. In the past all the covered entity needed was an agreement signed by the business associate essentially promising to "be careful". Now if there is a breach by the business associate, the covered entity is responsible also. A breach is any exposure of PHI to unauthorized entities.

"Willful Neglect", a somewhat ambiguous term that will make the covered entities even more paranoid, is included in the law. It means that being passive won't cut the mustard; the covered entity must have an active program to ensure that their business associates are in compliance with the new HIPAA HITECH Act.

Next we will discuss what compliance entails for both the covered entity and business associate.

Our privacy and security expert and partner Rebecca Herold (The Privacy Professor) has many erudite and scholarly articles, books, webinars, TV programs, blogs, and tweets on these subjects at www.privacyguidance.com/ but I will try to add the layman's voice to the subject in my blog.


