Interconnected Health 2012 Hitech 3 Years Later

The Health Information Technology for Economic and Clinical Health Act, or HITECH, was passed by Congress three years ago. Among its provisions, HITECH sought to strengthen privacy and security measures over health information. Specifically, it added new privacy and security requirements for business associates, established new breach notification requirements, and enhanced enforcement efforts.

  1. HITECH: Three Years Later. Linda D. Koontz, Alison R. Brunelle. Tuesday, April 3, 2012 | Track 2 | 3:45 PM to 4:15 PM. For Interconnected Health 2012. © 2012 The MITRE Corporation. All rights reserved.
  2. HIPAA Then and Now: What Has HITECH Changed?
     • Breach Notification
     • Business Associate Liability
     • Enhanced Enforcement Actions
     • Privacy and Security Audit Programs
  3. HITECH Timeline of Events
     [Timeline figure; axis years: 2009, 2010, 2011, 2012, 2015; marker: "We are here". Events shown:]
     • Passage of ARRA
     • Grant awards to states commences
     • Cignet Health faces first HIPAA penalties for violating Privacy Rule
     • Management Services Organization (“MSO”) agrees to settle for potential HIPAA privacy and security rule violations
     • HHS anticipates completing 150 audits by the end of 2012
     • "Meaningful Use" requirement in effect
     • Funding opportunities projected to end
     Source: Adapted from Minnesota e-Health Initiative Public Meeting on the HITECH ACT on March 18, 2009.
  4. Meaningful Use: Privacy Considerations
     [Staged diagram. Stages shown: Stage 1, Capture and Share Data; Proposed Stage 2, Decision Support; TBD Stage 3, Care Outcomes. Bullet groups shown:]
     • Electronic copies of protected health information (PHI) to patients
     • Secure messaging

     • Certified EHR adoption with all clinical information documented
     • Health information exchange
     • Patient engagement

     • Systems interoperability
     • Access to comprehensive patient data from all available sources
     • Advanced patient engagement
  5. Backup
  6. HIPAA 101: What Information Is Protected?
     Protected Health Information (PHI) [sidebar label: Rule]
     All "individually identifiable health information" (IIHI) [sidebar label: Law]
     • Held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.
     • Excludes from PHI employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act.
     De-Identified Health Information [sidebar label: Two Ways]
     • There are no restrictions on the use or disclosure of de-identified health information.
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Privacy Rule.
  7. HIPAA 101: Core Concepts
     [Sidebar label: Health Insurance Portability and Accountability (HIPAA) of 1996]
     • Title I of HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs.
     • Title II of HIPAA, known as the Administrative Simplification (AS) provisions, requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
     Source: Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104-191 (1996), (codified in scattered sections of title 42 U.S. Code); 45 C.F.R. parts 160 and 164 (HIPAA Privacy and Security Rules).
  8. HIPAA 101: The Privacy Rule
     • Establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically.
     • Requires appropriate safeguards to protect the privacy of personal health information, and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.
     • Gives patients rights over their health information, including rights to examine and obtain a copy of their health records, and to request corrections.
     [Sidebar labels: Openness and Transparency, Accountability; Safeguards, Collection, Use, and Disclosure Limitation; Individual Access and Choice, Correction]
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Privacy Rule.
  9. HIPAA 101: The Security Rule
     • Establishes national standards to protect individuals’ electronic personal health information that is created, received, used, or maintained by a Covered Entity.
     • Requires appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity, and security of electronic protected health information.
     [Sidebar labels: Accountability; Safeguards, Data Quality and Integrity]
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Security Rule.
  10. HIPAA 101: The Enforcement Rule
     • Contains provisions relating to compliance and investigations, the imposition of civil money penalties for violations of the HIPAA Administrative Simplification Rules, and procedures for hearings.
     [Sidebar label: Accountability]
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Enforcement Rule.
  11. HITECH 101: Core Concepts
     [Sidebar label: Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009]
     • Enacted as part of the American Recovery and Reinvestment Act (ARRA) of 2009, is designed to promote the widespread adoption and standardization of health information technology.
     • Requires the Department of Health and Human Services (HHS) to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules.
     • Mandated the Office of the National Coordinator for Health Information Technology (ONC), originally created under an Executive Order in 2004.
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Breach Notification Rule.
  12. HITECH 101: The Breach Notification Rule
     • Establishes an expansive protocol requiring HIPAA Covered Entities and their Business Associates to provide notice when an individual's "unsecured" protected health information has been breached.
     • Requires that appropriate breach notification be provided to individuals, HHS, and/or the media, depending on the circumstances.
     [Sidebar labels: Openness and Transparency, Accountability; Accountability]
     Source: U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR), Website, The HIPAA Breach Notification Rule.
