HIPAA Blog Posts: HIPAA Covered Entity
HHS releases proposed HITECH rule
Foley & Lardner LLP
On July 14, 2010, the Office for Civil Rights of the Department of Health and Human Services (HHS) published a Notice of Proposed Rulemaking (Proposed Rule) that proposes significant changes to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security and Enforcement Rules.
"Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well." Report From the Trenches: Health IT Post-HITECH By Ed Moyle TechNewsWorld 07/20/10 5:00 AM PT
"The rule makes it much clearer that the covered entities' responsibilities must go far beyond just having a business associate agreement," Rebecca Herold stresses. Instead, hospitals, clinics and others must work closely with their business partners to make sure they're carefully following the HIPAA privacy and security rules, she adds.
"For those business associates that have not already adopted HIPAA-compliant privacy and security standards for PHI, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with privacy and security standards." Page 164 NPRM
This NPRM from HHS contains serious warnings to business associates that they expect them to be HIPAA HITECH compliant with their business associate agreements now, and if not, they should get started immediately.
A 234 page NPRM document was released into the Federal Register, which I will wait for the experts to analyze.
Connecticut has settled a lawsuit with an insurance company involving a massive security breach that compromised financial and medical records for half-a-million state residents. Health Net still has to deal with OCR to determine further fines and penalties.
Failing to Train Business Associates on HIPAA Can be Described as Willful Neglect, Amy Leopard , Walter & Haverfield LLP
"Willful neglect generally can be described as knowing HIPAA rules but not properly training employees -- and now, business associates -- in them." Amy Leopard, a partner at the Cleveland law firm Walter & Haverfield LLPibed
Siemens to FedEx to Lincoln will never replace Tinkers to Evers to Chance, the famous baseball double play trio, since they dropped the ball, in fact 130,495 balls. Once again we have business associates causing a big breach.