Home/ WPPS C-Suite News/ Group items tagged HHS

sandy ingram

HITECH now specifically requires the business associate to notify their partner so that...

  • The total impact to the institution is difficult to quantify. Obviously no organization wants the negative press. It's the kind of thing that loses patients and makes the institution less appealing when trying to attract physicians.
  • Under the breach notification requirements of the HITECH Act (Title XIII of the American Recovery and Reinvestment Act), lost or stolen unencrypted records such as these require notification to Health and Human Services for the public posting of the institution to HHS' "wall of shame," or public list of breaches involving more than 500 individuals. If you go to the HHS website right now, you'll see this incident listed there -- along with an ever-increasing laundry list of other institutions in the same boat.
  • This very public example of HITECH in action underscores just one of the many ways that the law has altered the way that healthcare does business. While the full impact of the law won't be seen for quite some time to come, we're starting to see some radical changes in the way that hospitals approach security and compliance.
  • Security Breaches: From a provider point of view, probably the biggest impact from a security and compliance standpoint stems from the relatively strict breach disclosure requirements within the law. Covered entities not only need to notify in writing the individuals whose data was lost, but they also are required to notify HHS of the data loss.
  • Vendor Impact: In addition to expanded disclosure provisions for business associates, HITECH also changes the landscape for them in that they now have a higher bar to meet in terms of their own security requirements.
  • Under the law, business associates now have to meet the same bar as covered entities when it comes to the security rule.
  • However, covered entities are not alone in shouldering the burden of these more stringent rules. Business associates also have a role to play under the new provisions. Business associates now need to make sure that they report possible breaches to partners/customers and that they provide enough data for the covered entities to tell who was impacted and what type of data it was -- in other words, enough data for covered entities to fulfill their disclosure obligations. Whereas in the past a breach might occur at a business associate with nobody at the covered entity the wiser
  • HITECH now specifically requires the business associate to notify their partner so that the individuals impacted can be apprised.
  • Clearly, as applications move outside of the provider (for example, due to cloud computing) and more and more vendors move in to participate, rising numbers of vendors, hosting providers, and other service providers find themselves becoming "business associates" and inheriting security requirements that they're unfamiliar with. Even vendors not specifically targeting the healthcare market may find themselves in the direct path of the regs and obligated to change how they do business in response.
  • Vendors seeking to court healthcare clients will now need to pitch not only functionality but a compliance message as well.
  • Just a few weeks ago, Lincoln Medical and Mental Health Center learned a hard lesson. If you didn't see the news reports, the N.Y.-based healthcare provider notified over 130,000 individuals that their records -- including diagnostic information, Social Security numbers, dates of birth, and other information of use to identity thieves -- were potentially lost.