HITECH HIPAA: Anticipating an Explosion

Road to Health with HITECH HIPAAImportant New Guidelines

While the American Recovery and Reinvestment Act of 2009 was primarily targeted at financial issues and institutions, it added new controls for electronic personal health information, or ePHI. The Health Information Technology for Economic and Clinical Health (HITECH) Act was passed as a part of the legislation. The impact of the beefed up HITECH HIPAA regulations are just now being felt by covered entities.

The Act anticipates a major expansion of the use of electronic health records and a massive increase in the total records created, transmitted and stored. In anticipation of this data explosion, all HIPAA covered entities are being advised to develop proper procedures and policies for privacy protection in advance.

The new regulations introduce a number of new issues and requirements for covered entities and those with whom they do business. These include:

  • At least four additional violation categories
  • Four new levels of penalties that can be assessed for each violation
  • A penalty ceiling of $1.5 million for violations of one specific provision

Ignorance is No Excuse

One significant aspect of the new HITECH HIPAA standards for protection of electronic records it the ability to impose penalties on a covered entity even if a covered entity did not know of a violation, even if it was exercising reasonable diligence.

The bottom line for healthcare providers and any entity dealing with ePHI is that there are essentially no excuses for failing to protect all forms of electronic records of patients. This includes outdated records and those received from other entities.

This expansion of expectations for security and protection of ePHI is a significant issue for all companies and institutions that receive and maintain electronic health information. This also put new standards in place for the proper handling and destruction of all media that might contain such digital records

Many of our clients must adhere to HIPAA regulations, including these new HITECH HIPAA requirements. Got questions about shredding old patient medical/dental records. Call us to discuss how we can assist you in planning to meet the new, stringent requirements for such privacy and for dealing with (and disposing of) all aspects of personal health records, printed and digital.

Are you ready HITECH HIPAA?