Impact of information technology has been pervasive across all sectors of business. Healthcare is no exception. Today hi-tech solutions are available for efficiently managing health information of patients. HITECH (Health Information Technology for Economic and Clinical Health) Act came in 2009 to address certain concerns in information security and privacy of the electronic medical records (EMR) or the electronic health records (EHR) of patients.
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Being hi tech and not hitech compliant –know the consequences
1. Being Hi-tech and Not HITECH Compliant –Know the Consequences
Impact of information technology has been pervasive across all sectors of business. Healthcare is no
exception. Today hi-tech solutions are available for efficiently managing health information of patients.
HITECH (Health Information Technology for Economic and Clinical Health) Act came in 2009 to address
certain concerns in information security and privacy of the electronic medical records (EMR) or the
electronic health records (EHR) of patients. So the protection of patient health information became the
focus of attention.
Health organizations have to adhere to HIPAA, i.e. the Health Insurance Portability and Accountability Act
since the time of its inception in 1996. HIPAA was originally introduced by congress to secure health
insurance rights of workers. There were other complementary titles to the act and were introduced as
“Title 2” that was designed to secure electronically saved information associated with the patient health
data. This came to be known as Protected Health Information, i.e. PHI.
The concern with HIPAA was the broad interpretation taken by numerous healthcare providers and
insurers. The outcome was a varying degree of adoption amongst providers leaving people unsure
whether they were compliant or not. The requirements were not specific and there was very less
enforcement done.
HITECH i.e. Health Information Technology for Economic and Clinical Health Act was set up in 2009 and
made important modifications to HIPAA. This act also offers incentives for utilizing electronic health
records and has set up stricter notification standards, raised the penalty, tightened the enforcement as
well as altered the accountabilities and liabilities of Business Associates.
The term breach too has been redefined by HITECH as “The unauthorized acquisition, access, use, or
disclosure of protected health information, which compromises the security or privacy of protected health
information— except where an unauthorized person to whom such information is disclosed would not
reasonably have been able to retain such information”.
Hence, going by the definition, any breach that reveals the patient’s confidential data would have lasting
and serious consequences. Unlike credit cards, that can be cancelled and altered once revealed, health
care records cannot be reset or altered. As per the information from Forrester Research, criminals have
been aiming at the health care organizations. For security groups within healthcare institutions HITECH’s
increased penalties will assist the justification of financing required for the security and compliance
projects that otherwise might have been overlooked under ambivalent enforcement defined by HIPAA.
2. Complying with HIPAA and HITECH might appear time consuming and a complex process. However,
today companies specializing in compliance management solutions have made the job much easier. They
offer solutions that needs no software or hardware investments and can be deployed quickly. Users need
not worry about technical assistance or any backup requirements and they can receive all the benefits of
a future-proof compliance management solution. It also includes in-built HIPAA and HITECH support that
is easily expanded and automatically kept up-to-date. Data is saved in SaS 70 Type II secure data center.
These compliance management solutions also deliver the necessary risk analysis and compliance reports
required for demonstrating the appropriate level of Meaningful Use so that Covered Entities can receive
reimbursements from the federal government as soon as possible. So in being hi-tech ensure that you
are also HITECH compliant. Penalties otherwise could stiflethe business itself.
Read on - GLBA Compliance, PCI compliance