Hospitals, health plan sponsors, health care providers, and their vendors need to act immediately to meet the new rules introduced by the Health Information Technology for Economic and Clinical Health Act (HITECH). HITECH (enacted as part of the American Recovery and Reinvestment Act of 2009) makes significant changes to HIPAA, including changes that subject various vendors directly to privacy and security requirements and require notice to individuals whose information is affected by a breach of privacy.
By February 17, 2010, health plan sponsors and health care providers should review and update their HIPAA forms to comply with the HITECH rules concerning such things as:
- Internal policies and procedures
- Notice of privacy practices
- HIPAA plan amendments
- Agreements with vendors (business associates) who handle individually identifiable health information
Business associates under HIPAA will, for the first time, be directly subject to a number of HIPAA's privacy requirements and virtually all of its security requirements. If your organization is a covered business associate, you will need to make sure that you have the necessary documentation in place to comply with the applicable rules and designate a Security Official.
On February 22, 2010, the new HITECH Act breach notification requirements become enforceable. Hospitals, health plans, health care providers, and business associates will need to be alert for potential data breaches. Each may be required to act immediately in the event of a breach that ultimately requires notice to affected individuals, the U.S. Department of Health and Human Services, and, if the breach impacts 500 or more people, local media.
All organizations covered by the new regulations will need to make sure that appropriate procedures are in place before breaches occur, so that there is enough time to investigate a breach and to produce and deliver appropriate notices within the prescribed period. Training for relevant members of the workforce is also required.
For more information on the HITECH Act, organizations are encouraged to call Identity Force at 1-877-IDFORCE, or to visit our Web site at www.identityforce.com.