When and why did HIPAA/HITECH Compliance start?
In 2006, President Clinton enacted the Health Insurance Portability & Accountability Act (HIPAA), after a growing public concern about how private health care information was being used. In 2009, I'm sure you recall that President Obama signed the American Recovery and Reinvestment Act (otherwise known as the STIMULUS). Included in that legislation was the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), as a result of the growing digital/electronic environment in the country.
One of the primary purposes of the HITECH Act was to improve the US health system through the development of a stronger health information infrastructure. Incentives were designed for health care providers to implement Electronic Medical Record (EMR) systems, in order to achieve the goal of establish a national health care records system.
Along with the medical record provisions of the act, several privacy, security and breach notification rules were enacted. The overall goals of these rules are to ensure that Protected Health Information (PHI) is secure, and only accessible by patients, and others with a “need to know” rights. As more and more health information becomes digitized and available electronically, the risks of breach have grown rapidly.
Is my company affected by these new rules?
If you are a health care provider of any kind (otherwise known as a “Covered Entity”), then you must fully comply with all of the provisions of HIPAA HITECH. In addition, if your company provides certain services for a Covered Entity, which involves the use and/or disclosure of Protected Health Information (PHI), you are considered a “Business Associate”, and are also bound by HIPAA HITECH [see our previous blog for details on the types of businesses that could be considered a Business Associate].
Click here to read Part 2 of this blog series: HIPAA/HITECH Compliance: What You Need to Know About Patient Health Information (PHI)
Or, for more information on HIPAA/HITECH Compliance, please contact Brian Rosenfelt with Skoda Minotti Technology Partners by calling 440-449-6800.