Exploring HIPAA and HITECH Act Definitions: Part 1

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification and securing of protected health information. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register and citation to the Code of Federal Regulations (CFR). We begin the first series of postings with definitions from “Health…

READ MORE

Collection, Use, and Disclosure Limitation Key Privacy/Security Principle of Meaningful Use 2011 Objectives

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009….

READ MORE

Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information

Office of the National Coordinator for Health Information Technology U.S. Department of Health and Human Services Numerous forces are driving the health care industry towards the use of health information technology, such as the potential for reducing medical errors and health care costs, and increasing individuals’ involvement in their own health and health care. To facilitate this advancement and reap its benefits while reducing the risks, it is important to consider individual privacy interests together with the potential benefits to population health. Download (Requires Acrobat Reader)

HHS’s Health IT Policy Committee 2011 Draft Meaningful Use Objectives and Measures for Public Comment

The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…

READ MORE

HHS’s HIT Policy Committee Releases Draft Recommendations on Meaningful Use for Public Comment

The HITECH Act of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, provides an electronic health record (EHR) adoption incentive program for healthcare providers who adopt certified electronic health records and use them in a meaningful way to improve patient care. The incentive program begins in January 2011 and terminates at the end of 2014 for new adopters of certified electronic health record technology. HHS’ Health Information Technology (IT) Policy Committee released on June 16, 2009, two documents pertaining to the definition of “meaningful use” for public comment by 5 PM ET, Friday, June 26, 2009. These documents are the Meaningful Use…

READ MORE

ARRA’s HITECH Privacy Provisions Apply HIPAA Security Rule to Business Associates

President Obama signed into law the American Recovery and Reinvestment Act of 2009 (ARRA) on Tuesday, February 17, 2009. The Health Information Technology for Economic and Clinical Health Act (HITECH) provisions of ARRA in Title XIII include important changes in Privacy (Subtitle D). Our focus in this posting is the change related to business associates under HIPAA Administrative Simplification that is specified in Section 13401: Application of Security Provisions and Penalties to Business Associates of Covered Entities. In this section, administrative, physical, and technical safeguards, and policy, procedure, and documentation requirements of the HIPAA Administrative Simplification Security Rule “shall apply to a business associate of a covered entity in the…

READ MORE

Are You Subject to HIPAA Privacy Rules when Publishing Confidential Health Information on a Social Network?

It’s unlikely the social networking sites are health care providers, so HIPAA’s privacy rule doesn’t apply; but other privacy business practices are likely to affect you. First, tackle the HIPAA Privacy question by responding to the following questions. » Are you a healthcare provider that conducts transactions electronically? » Are you a healthcare clearinghouse? (Do you process healthcare claims?) » Are you a health plan? (insurance payer) If you answered no to these questions, you are not a covered entity under HIPAA’s Privacy Rule. That said, you probably are more concerned about users sharing health information online that if stolen, could be used in identity theft. Consumers (patients) often use…

READ MORE