HIPAA HITECH RESOURCE CENTER
Everything a BA or CE Needs to Know in One Place
Email us or call 404-418-5550 if we can help you "Get Compliant, Stay Compliant and Protect Your Clients ePHI"
What BAs and CEs Must Do To Be HIPAA HITECH Compliant
Updated Verbatim from HHS NPRM Guidance 7/2010:
“We assume that business associates in compliance with their contracts (editor - i.e., carrier BA agreements) would have already:
What is HITECH: The Health Information Technology for Economic and Clinical Health Act (HITECH) significantly expanded the reach of the HIPAA Privacy Rule and Security Rule, along with the corresponding penalties.
What does HITECH Do?
Why HITECH Applies to You – Brokers/agents are BAs if they have BA agreements with any insurer and/or receive, create, transmit or maintain personal health information (PHI). Census, enrollment, claims info and similar data are PHI.
Required Compliance Activities Overview - These activities need to be done by all BAs, regardless of size:
New Breach Rules - HITECH establishes mandatory federal breach reporting requirements for HIPAA CEs and their BAs, as well as a new “Tattle” rule which requires BAs to report their CEs' breaches. It also makes local media notification mandatory if a breach involves 500 or more lives in one state.
New Enforcement and Penalties - State Attorneys General can now take legal action on HIPAA privacy/security violations. CT took the first action against Health Net last month. BAs that violate the security and privacy provisions of HIPAA are subject to the same new and beefed-up civil and criminal penalties as a covered entity:
Compliance Deadline – Was 2/17/2010. Failure to be compliant will likely be viewed as “willful neglect”. There is no such thing as partial compliance. It is all or nothing for all CEs and BAs, not just you.