Tuesday, November 26, 2013

Medical Solutions - HITECH ACT Takeaways

Telamon recently participated in the Indiana Healthcare Symposium on November 13, 2013.
The symposium focused on many topics, but specifically an impactful presentation on the changes in the HITECH Act. The HITECH Act is the Health Information Technology for Economic and Clinical Health Act, which “seeks to improve American health care delivery and patient care”. The HITECH Act specifically lists IT standards and requirements for security and safety. 

In attendance, Stephen Etter, Telamon Medical Solutions Technical Writer, captured the following summary changes in the HITECH Act that is important for service provider and IT companies to understand:

Final Rule:

HITECH Increased Enforcement: 

  • Reasonably Unaware: $100.00 per violation; $25,000 max per year
  • Reasonable Cause: $1,000 per violation; $100,000 max per year
  • Willful Neglect - $10,000 per violation; $250,000 max per year; $50,000 violation; $1.5 million per year if not corrected in 30 days
OCR Recent Enforcement: 

Affinty Health Plan - 1.2 million
Wellpoint - 1.7 million

Business Associates:

BA and subcontractors now have direct liability and will be subject to HIPAA Audits.
BA must have Risk Analysis and Policy/Procedures for security safeguards per the final rule.

Breach Notification: 

New breach notification procedures and policies went into effect. BA or Health Organizations have to tell the individual even if there is a minimal risk to their data. Acquisition, access, use or disclosure of unsecured PHI is not permitted by the Privacy Rule unless there is low probability the PHI has been compromised based on risk assessment. Standard of 500 + patients must require notification to the media and notification to the Secretary.

Risk Factors:

1. Nature and extent of PHI involved, including types of identifiers and likelihood of re-id
2. Unauthorized person who used PHI or to whom disclosure was made
3. Whether PHI was actually acquired or viewed
4. Extent to which risk to PHI has been mitigated

No comments:

Post a Comment