HIPAA Final Rule: Enforcement: Four Penalty Tiers

February 21, 2013.  Today, we examine the four penalty tiers for violations of HIPAA Rules in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We start with two definitions, the first of which, Reasonable cause, was modified in the Final Rule, and the second of…

READ MORE

HIPAA Final Rule: Enforcement: Willful Neglect

February 20, 2013.  Today, we begin examination of HITECH Act modifications of HIPAA Enforcement, focusing on the meaning and consequences of willful neglect in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Willful neglect is defined as “conscious, intentional failure or reckless indifference to the…

READ MORE

Final HIPAA Rule: Security Statutory Authority and Direct Regulation of Business Associates

February 4, 2013.  Today, we cover the security safeguards of the HIPAA Security Rule, as Modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. The statutory authority for applicability of the HIPAA Security Rule is in Section 13401 of the HITECH Act (123 STAT….

READ MORE

EFT and RA Transaction Operating Rules IFC Published in Federal Register August 10

August 10, 2012.  Today, the Interim Final Rule with comment period (IFC):  Administrative Simplification:  Adoption of Operating Rules for Electronic Funds Transfers (EFT) and Remittance Advice Transactions, was published in the Federal Register.  The effective date of the IFC is the date of publication, August 10, 2012.   Comments on the IFC may be submitted to the Department of Health and Human Services (HHS) on or before October 9, 2012, with submission instructions included on page 48008 of the IFC.    The Executive Summary (without footnotes) from the IFC follows: “A.  Purpose of the Regulatory Action.  Health care spending in the United States constitutes nearly 18 percent of the US…

READ MORE

Clock Running Down on Business Associate Compliance with HIPAA Security Rule Required by HITECH Act

Less than one month to go:  Business Associates must comply with the HIPAA Security Rule no later than Wednesday, February 17, 2010.  Here are relevant provisions from the American Recovery and Reinvestment Act, Public Law 111-5, which included HITECH Act Subtitle D:  Privacy. 42 USC 17931 (PART 1–IMPROVED PRIVACY PROVISIONS AND SECURITY PROVISIONS, Section 13401:  Application of Security Provisions and Penalties to Business Associates of Covered Entities; Annual Guidance on Security Provisions). (a)  APPLICATION OF SECURITY PROVISIONS.–Sections 164.308 (Administrative Safeguards), 164.310 (Physical Safeguards), 164.312 (Technical Safeguards), and 164.316 (Policies and Procedures and Documentation Requirements) of title 45, Code of Federal Regulations, shall apply to a business associate of a covered…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 6

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will required compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

American Recovery and Reinvestment Act of 2009

ONE HUNDRED ELEVENTH CONGRESS of the UNITED STATES of AMERICA American Recovery and Reinvestment Act of 2009 Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes. AGENCY: 111th US Congress. ACTION: Act. Download (Requires Acrobat Reader)

President Obama to Sign ARRA’s HITECH provisions Tuesday, February 17, 2009, in Denver, CO

The Senate joined the House on Friday evening, February 13, 2009, in passing the American Recovery and Reinvestment Act, which includes provisions relating to Health Information Technology. Title XIII of Division A and Title IV of Division B together are known as the “Health Information Technology for Economic and Clinical Health Act” or the “HITECH Act.”  We will be highlighting attributes of the HITECH Act through the end of February. Contrary to the political blather, this legislation is a significant step forward in providing funding and incentives to accelerate adoption of standardized and interoperable electronic business and clinical technologies in healthcare and in strengthening privacy safeguards for patients’ protected health…

READ MORE