Kroll to Sponsor Upcoming HIMSS Executive Briefing Online Event – December 14, 2011

11/16/2011

Mark your calendars for the online HIMSS Executive Briefing event, “Privacy and Security: Practical Solutions for a Changing Landscape,” scheduled for December 14 from 9:00 a.m. to 4:00 p.m. CST. Kroll’s own Karen Schuler, CFE, will be presenting a session for the event, “HIPAA and HITECH in the Real World,” from noon to 1:00 p.m.

States Continue to Amend Breach Notification Laws, most recently California and Illinois (part 2)

9/09/2011

California continues to tinker with its notification laws, and as mentioned in the first of this two-part series, these will be effective January 1, 2012. The California amendment requires that breach notification be written in plain language and contain:

  • Name and contact information of the data owner or licensor providing notice
  • Date of the notice
  • List of the types of information believed to have been breached
  • Toll-free telephone numbers and addresses of the credit bureaus, if the breach exposed a Social Security number, driver’s license number or state ID number
  • If available at the time of notice, the notice must also contain:
    • General description of the breach incident;

Treatment and Prevention – Achieving and Maintaining Compliance (part 4)

9/02/2011

In the previous segments of this series, we introduced two recent federal regulations that are poised to have a significant effect on the health care industry – the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Identity Theft Red Flags and Notices of Address Discrepancy (Red Flags Rule).

As the previous segments discussed, both HITECH and the Red Flags Rule establish new and complex regulatory requirements. Without a doubt, the best defense against regulatory fever is prevention through proactive planning. However, this is certainly easier said than done. While the regulatory framework of HITECH and the Red Flags Rule is complex, perhaps the most troubling aspect is the emerging IT market structure and its interplay with the new regulations.

Complications and Side Effects – Rules, Regulations and Penalties (part 2)

8/31/2011

In the last segment, we introduced two recent laws that have significantly increased the regulatory compliance obligations of the health care industry – the Health Information Technology for Economic and Clinical Health (HITECH) Act and the Identity Theft Red Flags and Notices of Address Discrepancy (Red Flags Rule). As the Office for Civil Rights (OCR) reporting website demonstrates, the impetus for these new data breach regulations clearly has not been overstated. HITECH requires the OCR to post PHI breaches involving more than 500 individuals, and since the rule went into effect in February of 2009, 288 incidents have been reported, four of which involve over 1 million individuals. With the threat of data breaches clear and regulatory fever now in full swing, it is important to understand the specific requirements and implications of these new laws on the health care industry.

The Cure for Regulatory Fever: Causes and Symptoms – Overview (part 1)

8/30/2011

Flu season may be over, but for the health care industry, a more troublesome and persistent threat is just warming up. Regulatory fever, a common side effect of an ailing economy, is now nearly in full swing. Beginning with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, ensuring privacy and security of patient information in the health care industry has been a primary concern for legislators over the past decade and a half. The HIPAA Privacy Rule extends federal protection to personal health information held by covered entities, and is fulfilled by the Security Rule, which prescribes the use of security safeguards to ensure confidentiality is maintained.[1] While HIPAA was a significant step forward in the security of personal health information management, two new regulations are raising the bar even higher in an effort to integrate and benefit from advancements in information technology.