From: Workplace Privacy, Data Management & Security Repo
We recently reported here that the Department of Health and Human
Services (HHS) is issuing proposed regulations to implement
statutory amendments under the Health Information Technology for
Economic and Clinical Health Act (the “HITECH Act”).
These proposed regulations contain a number of important points to
think about for HIPAA covered entities (and business associates),
even though these rules are in proposed form. One is avoiding HIPAA
violations involving “willful neglect," which under the
HITECH Act will require a formal investigation and civil penalties.
To date, the Secretary of HHS has attempted to resolve complaints
and certain violations by informal means, as required by §
160.312 of the current regulations. A significant change to the
HIPAA enforcem...
Respond to this topic on your own blog
Click and press Ctrl+C to copy and paste this discussion on your blog or site
Related Articles
Shredding and Data Destruction Companies - A HIPAA-Covered Entity's Best Friend
We recently reported here that the Department of Health and Human
Services (HHS) is issuing proposed regulations to implement
statutory amendments under the Health Information Technology for
Economic and Clinical Health Act (the “HITECH Act”).
These proposed regulations contain a number of important points to
think about for HIPAA covered entities (and business associates),
even though these rules are in proposed form. One is avoiding HIPAA
violations involving “willful neglect," which under the
HITECH Act will require a formal investigation and civil penalties.
To date, the Secretary of HHS has attempted to resolve complaints
and certain violations by informal means, as required by §
160.312 of the current regulations. A significant change to the
HIPAA enforcem...
Shredding and Data Destruction Companies - A HIPAA-Covered Entity's Best Friend
We recently reported here that the Department of Health and Human
Services (HHS) is issuing proposed regulations to implement
statutory amendments under the Health Information Technology for
Economic and Clinical Health Act (the “HITECH Act”).
These proposed regulations contain a number of important points to
think about for HIPAA covered entities (and business associates),
even though these rules are in proposed form. One is avoiding HIPAA
violations involving “willful neglect," which under the
HITECH Act will require a formal investigation and civil penalties.
To date, the Secretary of HHS has attempted to resolve complaints
and certain violations by informal means, as required by §
160.312 of the current regulations. A significant change to the
HIPAA enforcem...
Proposed HITECH Regulations: Will Subcontractors of Business Associates Be Subject to the HIPAA Privacy and Security Rule?
Further to our discussions of the proposed regulations to implement
statutory amendments under the Health Information Technology for
Economic and Clinical Health Act (the “HITECH Act”), we
summarize here a proposed changed to the definition of
“business associate.” A significant part of the
“HIPAA community” (covered entities, business
associates and their agents and subcontractors) already is aware of
the expanded application of HIPAA to business associates under
HITECH. This expansion went into effect February 18, 2010, and, in
fact, many business associate agreements currently are being
modified in an attempt to reflect the statutory provisions. The
HIPAA community, however, may not yet be aware of the proposal to
further expand the direct application...
Proposed HITECH Regulations: Will Subcontractors of Business Associates Be Subject to the HIPAA Privacy and Security Rule?
Further to our discussions of the proposed regulations to implement
statutory amendments under the Health Information Technology for
Economic and Clinical Health Act (the “HITECH Act”), we
summarize here a proposed changed to the definition of
“business associate.” A significant part of the
“HIPAA community” (covered entities, business
associates and their agents and subcontractors) already is aware of
the expanded application of HIPAA to business associates under
HITECH. This expansion went into effect February 18, 2010, and, in
fact, many business associate agreements currently are being
modified in an attempt to reflect the statutory provisions. The
HIPAA community, however, may not yet be aware of the proposal to
further expand the direct application...
New Challenges for HIPAA Business Associates Under ARRA and HITECH
Have you noticed that negotiating that business associate agreement
has gotten a lot more difficult? Many companies that serve health
care providers and health plans, generally known as business
associates, have noticed. These companies include software vendors,
benefits brokers, cloud computing providers, data
storage/destruction companies, and accountants, among others. The
clients of these companies are citing HIPAA, ARRA, HITECH, data
breach notification requirements, and state law mandates as they
demand stricter contract language and additional rights and
protections, such as the right to audit the business associate and
to be held harmless in the event of any data mishap. Business
associates that took HIPAA lightly in 2003 and 2004, when the HIPAA
regulations first became effective ...
