2. TERMS TO KNOW
HIPAA
First comprehensive federal protection for
privacy and individually identifiable
protected health information (PHI), 1996
3. Terms to Know
HITECH: The Health Information Technology
for Economic and Clinical Health Act is
part of the American Recovery and
Reinvestment Act (ARRA) of 2009.
4. Purpose of HITECH Act
Portions of the HITECH Act are designed
to strengthen HIPAA rules that address
privacy and security matters concerning
electronic transmission of health
information (Cascardo, 2012).
5. Health and Human Services
Health and Human Services (HHS):
Under ARRA, a healthcare organization
must notify individuals of any security
breach and keep a log of breaches to
submit annually to HHS (Cascardo,
2012).
6. WARNING
If there is a breach of “unsecured PHI,” a
healthcare organization is required by
law to notify each individual whose PHI
was breached within 60 days of
discovery of breach (Cascardo, 2012).
8. Security Breach
HHS must be notified immediately if the
breach involves more than 500
individuals; media must also be notified.
9. Review of Policies & Procedures
Staff will be trained on appropriate measures
required to review patient files and maintain
confidentiality (Cascardo, 2012).
Staff will be trained with respect to the
reporting of breaches.
Reprimands will be imposed on any staff member
who does not comply with breach notification
procedures.
10. Review of Policies and Procedures
Procedures for filing a complaint under
the HHS rules will be discussed.
Individuals are within their rights to file a
complaint under HHS regulations.
All staff will be properly trained in
HIPAA compliance.
11. Reference
Cascardo, D. (2012). What to do before the office for civil rights
comes knocking: Part I. The Journal of Medical Practice
Management: MPM, 27(6), 337-40. Retrieved from
http://search.proquest.com/docview/1242495446?accountid=32521