Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation

4. National Identifier Requirements: Requires that health care providers, health plans and employers have standard national numbers that identify them on standard transactions. This rule is administered by the Centers for Medicare & Medicaid Services.

5. Enforcement Rule: Provides standards for enforcing all the Administrative Simplification Rules.

Source: U.S. Department of Health and Human Services, HIPAASurvivalGuide.com

The Health Information Technology for Economic and Clinical Health Act (HITECH)

What it covers: Part of the American Recovery and Reinvestment Act of 2009, the HITECH Act significantly modifies HIPAA by adding new requirements concerning privacy and security for patient health information. It widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance and provides for more enforcement.

Who is affected: Health care providers, health plans, health clearinghouses and "business associates," including people and organizations that perform claims processing, data analysis, quality assurance, billing, benefits management, etc.

Link to the law: http://www.hipaasurvivalguide.com/hitech-act-text.php (easy-to-read format)

More formal version: http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/hitec...

Key requirements/provisions:

* Expansion of HIPAA security standards to "business associates," including people and organizations (typically subcontractors) that perform activities involving the use or disclosure of individually identifiable health information, such as claims processing, data analysis, quality assurance, billing, and benefit management, as well as those who provide legal, accounting, or administrative functions.

* Increased civil penalties for "willful neglect."

* Data breach notification requirements for unauthorized uses and disclosures of "unsecured PHI." These notification requirements are similar to many state data breach laws related to personally identifiable financial information data.

* Stronger individual rights to access electronic medical records and restrict the disclosure of certain information.

* New limitations on the sale of protected health information, marketing and fundraising communications.

Source: U.S. Department of Health and Human Services, HIPAASurvivalGuide.com

Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule)


Originally published on CSO.