HIPAA Compliance Questions to Ask as HITECH Date Nears
Editor's note: This is the first of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule is Wednesday, February 17.
As a HIPAA covered entity, you should watch HITECH closely.
So as your organization works to comply with breach notification regulations and sets up a "harm threshold" risk analysis team, per HITECH, it should also go back to HIPAA security 101.
"HITECH did include significant changes, but the bottom line is and especially security officers need to do is make sure they actually comply with the HIPAA Security Rule," says Chris Apgar, CISSP, president, Apgar & Associates, LLC, in Portland, OR.
Business associates (BAs) are concerned that by February 17, they must comply with the HIPAA Security Rule and the use and disclosure provisions of the privacy rule. In reality, Apgar says BAs should have been compliant since 2003 for privacy and 2005 for security, by contract.
"Yes, the new requirements [especially breach notification] need to be addressed, but the bottom line is many covered entities and business associates have consistently failed to comply with the HIPAA Security Rule," Apgar says. "I find this over and over when conducting compliance audits."
And it's not as if HIPAA Security Rule compliance is all technical. The most significant risk, and the largest section of the security rule itself, is administrative safeguards.
"You can have the best technical security infrastructure in the industry, but that will not adequately protect against breaches and carelessness," Apgar says. "This is another reason why training and policies and procedures are so important."