HIPAA HITECH Compliance
In January 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a final rule that implemented a number of provisions of the Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
We have found that most practices are HIPAA compliant but not HITECH or Security Rule compliant. Covered entities and business associates must comply with the HIPAA Security Rule. The Security Rule has three major safeguards; each safeguard consists of a number of standards, which in turn consist of a number of implementation specifications that are either required or addressable.
- Administrative Safeguards: 9 standards and 23 implementation specifications
- Physical Safeguards: 4 standards and 10 implementation specifications
- Technical Safeguards: 5 standards and 9 implementation specifications
Where are you with your compliance efforts? How confident are you that they would stand up under an OCR audit?
Trout, Ebersole & Groff, LLP can help close the gap by working with you and the procedures you already have in place for HIPAA, and by coordinating with your in-house or external IT personnel to design policies and procedures specifically for your organization, based on the complexity of your system.