For covered entities (CEs) who have tight privacy and security measures in place, the breach notification requirements under HITECH (amending HIPAA) might not seem especially onerous.  But what about breaches the CE doesn’t know about?  What if the CE’s business associate (BA) fails to report a breach of unsecured health information?  What if the BA

The U.S. Department of Health and Human Services (HHS) announced today in a News Release that it has issued new regulations requiring health care providers, health plans, and other entities (e.g., now also Business Associates) covered by the Health Insurance Portability and Accountability Act (HIPAA), to notify individuals, and in some instances the media and HHS, in the event of

     Do you need help understanding what to do in light of HITECH’s privacy and security changes to HIPAA?  Are you concerned about HITECH’s increased penalties for HIPAA violations? Are you struggling to understand what needs to be done under the New Jersey Security Breach Notification Act, and how these state requirements reconcile with the HITECH breach notification requirements? 

    

[Installment 5 – Governance Considerations from HIT for the Board and Other Hospital Stakeholders] 

This is the fifth in a series of blog posts that relate to the governance concerns surrounding developments in HIPAA, HITECH and HIT. 

The other week, two separate and apparently unrelated events occurred on consecutive days with respect to electronic health records

When I first reviewed the Matrix and other documents released by the HIT Policy Committee’s “Meaningful Use” Workgroup, my initial reaction was “When did defining ‘Meaningful Use’ of EHR morph into attempting to use EHRs to ‘meaningfully’ reform the entire healthcare delivery system.”?  More simply put, the Workgroup’s initial recommendations seemed to me to

The Office of the National Coordinator for Health Information Technology (ONC) is seeking comments on the preliminary definition of “Meaningful Use,” as presented to the HIT Policy Committee on June 16, 2009.  Comments on the draft description of Meaningful Use are due by    5:00 pm EST June 26, 2009.  Below are links to the HIT

In accordance with the 90-day deadline established for an operating plan to be submitted to Congress on expenditures related to the $2 Billion Dollars appropriated under the American Recovery and Reinvestment Act ("ARRA") relating to health information technology ("HIT"), the Office of the National Coordinator ("ONC") has submitted its proposed ARRA Implementation Plan to Congress. The Plan’s proposed Funding Table

On April 17, 2009, the federal Department of Health and Human Services (HHS) issued guidance specifying the technologies and methodologies that render PHI unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009

The Federal Trade Commission (FTC) posted its proposed rule today implementing new breach notification requirements for health records, which were required to be promulgated by the Health Information Technology for Economic and Clinical Health ("HITECH") Act.  The FTC rule will apply to vendors of personal health records and related entities not covered directly by HIPAA.  

The Department

Today, President Obama signed the Health Information Technology for Economic and Clinical Health Act (known as the "HITECH Act") into law. The final version of HITECH Act is posted on the Library of Congress’ THOMAS website. The HITECH Act addresses various aspects relating to the use of health information technology ("H.I.T."), including providing for federal