HIPAA Compliance Questions to Ask as HITECH Date Nears
Editor's note: This is the first of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule is Wednesday, February 17.
As a HIPAA covered entity, you should watch HITECH closely.
So as your organization works to comply with breach notification regulations and sets up a "harm threshold" risk analysis team, per HITECH, it should also go back to HIPAA security 101.
"HITECH did include significant changes, but the bottom line, and especially what security officers need to do, is make sure they actually comply with the HIPAA Security Rule," says Chris Apgar, CISSP, president, Apgar & Associates, LLC, in Portland, OR.
Business associates (BAs) are concerned that by February 17, they must comply with the HIPAA Security Rule and the use and disclosure provisions of the privacy rule. In reality, Apgar says BAs should have been compliant since 2003 for privacy and 2005 for security, by contract.
"Yes, the new requirements [especially breach notification] need to be addressed, but the bottom line is many covered entities and business associates have consistently failed to comply with the HIPAA Security Rule," Apgar says. "I find this over and over when conducting compliance audits."
And it's not as if HIPAA Security Rule compliance is all technical. The most significant risk, and the largest section of the security rule itself, is administrative safeguards.
"You can have the best technical security infrastructure in the industry, but that will not adequately protect against breaches and carelessness," Apgar says. "This is another reason why training and policies and procedures are so important."