• HIPAA (Health Insurance Portability and Accountability Act)
   • Passed in 1996
   • Enacted to protect health information
       • transaction standards for the exchange of health information
       • security standards
       • privacy standards
   • Protects “protected health information”
       • means individually identifiable health information that is: (i)
         Transmitted by electronic media; (ii) Maintained in electronic media;
         or (iii) Transmitted or maintained in any other form or medium
       • there are certain exclusions such as education records and employment
         records held by a covered entity in its role as employer
• Applies to “covered entities”
   • Covered entity means (1) A health plan, (2) A health care
     clearinghouse, (3) A health care provider who transmits any
     health information in electronic form in connection with a
     transaction covered by this subchapter

   • Health information means any information, whether oral or
     recorded in any form or medium, that: (1) Is created or received
     by a health care provider, . . .employer, . . . and (2) Relates to
     the past, present, OR future physical or mental health or
     condition of an individual; the provision of health care to an
     individual; OR the past, present, or future payment for the
     provision of health care to an individual.
• Also applies to the “business associates” of covered
  entities
   • Business associate means broadly, a person who “performs, or
     assists in the performance of . . . a function or activity involving
     the use or disclosure of individually identifiable health
     information”
       • including claims processing or administration, data analysis,
         processing or administration, utilization review, quality assurance,
         billing, benefit management, practice management, and repricing


   • Broadly, this means that if you use or receive PHI, then you are
     either a covered entity or a business associate
• HITECH (Health Information Technology for Economic and
  Clinical Health)
   • Signed into law on February 17, 2009
   • Provides for the adoption of electronic health records
   • Also adds new breach provisions
       • "the unauthorized acquisition, access, use, or disclosure of
         protected health information which compromises the security or
         privacy of such information, except where an unauthorized person
         to whom such information is disclosed would not reasonably have
         been able to retain such information"
HITECH Breach
•   Who is under Obligations?
    •   Covered Entity
    •   Business Associate
    •   Subcontractor Requirements
•   What are an entity’s Obligations?
    •   Investigate, give notice, reprimand, record/notify Secretary of Health
        and Human Services
    •   If over 500 individuals affected, then must report to the Secretary
         •   As of September 26, 2011, 330 reports (several organizations more than
             once), impacting more than 11 million records
Getting out of Breach Notification
•   Only provide the required notification if the breach involved
    unsecured protected health information
    •   Unsecured PHI is PHI that has not been rendered unusable,
        unreadable, or indecipherable to unauthorized individuals
        through the use of a technology or methodology specified by
        the Secretary in guidance
Getting out of Breach Notification
•   Guidance available:
    http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brguidance.html
    (and is to be updated annually)
     • Data at Rest: NIST
     • Data in Motion:
Legal implications of HIPAA, HITECH and BAAs
