OCR has established privacy advisors in each of its regional offices to provide HIPAA privacy and security guidance and education. HITECH required the HHS secretary to designate an individual in each of its regional offices.
Don't wait for OCR to publish all the HITECH implementation rules before taking action, Apgar said during "Business Associate Action Plan: Comply with HITECH by February Deadline," a recent HCPro audio conference.
On August 19, 2009, HHS released its interim final rule on breach notification of unsecure protected health information (PHI) and the acceptable methods for covered entities (CE) and business associates (BA) to encrypt and destroy patient records to prevent breaches.
Booz Allen Hamilton, a McLean, VA–based firm that was commissioned in 2008 by the Office of the National Coordinator for Health Information Technology to research medical identity theft in the United States, says all facilities can adopt the following strategies:
SenditCertified offers a unique solution: It supports the encryption of transmitted PHI that meets National Institute of Standards and Technology (NIST) standards. SenditCertified also supports other security safeguards and provides practical tools to assist in avoiding a breach of PHI, as well as related business tools.
Major breaches of patient information in 2009 break down into three types: snoopers, hackers, and those involving large quantities of data. Let's examine the top breach of each type and find out what facilities can do to prevent similar problems.
Under HITECH—approved as part of the American Recovery and Reinvestment Act—business associates (BA) must now comply with the HIPAA security rule, the use and disclosure provisions of the HIPAA privacy rule, and new HITECH privacy and security provisions.
Determine whether and how you’re vulnerable, as well as whether revising your policies and beefing up your education to specifically address these privacy concerns is enough to satisfy your HIPAA responsibilities and the wants of your staff members.
