HHS hasn’t released any significant news around HIPAA regulations since its draft guidance on unsecure protected health information April 17, but that does not mean it is time to sit idle.
Major regulations surrounding breach notifications on PHRs by the Federal Trade Commission and unsecure PHI by the Department of Health and Human Services are due in August. Click title to read more…
However, now is the time to start thinking about a few things when it comes to HIPAA and the new laws in the Health Information Technology for Economic and Clinical Health (HITECH) Act.
Know your business associates. The HITECH Act says your BAs must comply directly with the HIPAA Security Rule and the use and disclosure requirements of the HIPAA Privacy Rule. As long as a company handles PHI, it’s a business associate, according to CMS.
So get to know them better. Or, better yet, get them to know HIPAA better. Section 13401 of the HITECH Act includes the new requirements for BAs. The Act also says civil and criminal penalties for violations of the HIPAA and compliance audits apply directly to BAs. As a covered entity, you must incorporate these additional requirements in your agreements with the BAs, according to the new law.
If you enjoyed this, please consider sharing it!
