HIPAA Blog Posts: HIPAA Covered Entity
Business Associates (BA) and Sub-Contractors (Subs) have a new challenge: becoming HIPAA HITECH compliant, staying compliant, and proving compliance.
New technology and methodology combined with decades of compliance experience have come together in the Master Program, designed to deliver a cost-effective and efficient method of managing hundreds of healthcare entities as they seek to get HIPAA HITECH compliant, stay compliant, and prove compliance.
"“Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” According to this official document, the HHS will issue the final rule in March of 2011." Rebecca Herold
In summary, while the HITECH enforcement era has been slow to emerge, we can expect at least a modest uptick in 2011, particularly when the final HITECH rules take effect. In addition, we may see enforcement steps, potentially with higher penalties or other consequences, by both relevant state agencies and the FTC.
"Whether a breach results from human error (a typical cause for breach) or from organized or individual cyber crime such as hacking and stolen laptops (a less typical, but increasing risk), insurance companies such as Chartis, Beazley, and Hiscox are willing to underwrite certain computer security risks and cover specified losses that may be incurred by an insured from a PHI security breach."
With the release of the Master Program, Compliance Helper now has HIPAA HITECH solutions for the largest covered entities and business associates, as well as the smallest Sub-Contractor.
"However, as the health care system moves inexorably towards electronic health records — and as more and more protected health information is stored and moved in electronic form — all covered entities should be paying attention to the security of their information systems, because the culture of HIPAA compliance is changing."
Automatic fines: HITECH, HIPAA and willful neglect the importance of policies and procedures, Dickinson Wright PLLC, Craig A. Phillips and Tatiana Melnik
"Business associates. The HITECH Act expanded the scope and application of HIPAA to directly apply several of HIPAA’s security and privacy requirements to business associates. Among other provisions, this expansion includes the Policies and Procedures and Documentation Requirements outlined in 45 CFR § 164.316, which requires organizations to “[i]mplement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements” of the Security Rule."
Additionally, OCR is developing a HITECH Act-required "periodic audit" plan, which will be targeted to ensure that covered entities and business associates comply with the requirements of the Privacy and Security Rules.
(b)(1) Standard: Business associate contracts and other arrangements. A covered entity, in accordance with §164.306, may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information.