HIPAA Compliance Questions to Ask as HITECH Date Nears
Editor's note: This is the first of a three-part series this week focusing on expert advice on complying with HIPAA and preparing for HITECH regulations. The HITECH compliance date for business associates to comply with the security rule is Wednesday, February 17.
As a HIPAA covered entity, you should watch HITECH closely.
So as your organization works to comply with breach notification regulations and sets up a "harm threshold" risk analysis team, per HITECH, it should also go back to HIPAA security 101.
"HITECH did include significant changes, but the bottom line is and especially security officers need to do is make sure they actually comply with the HIPAA Security Rule," says Chris Apgar, CISSP, president, Apgar & Associates, LLC, in Portland, OR.
Business associates (BAs) are concerned that by February 17, they must comply with the HIPAA Security Rule and the use and disclosure provisions of the privacy rule. In reality, Apgar says BAs should have been compliant since 2003 for privacy and 2005 for security, by contract.
"Yes, the new requirements [especially breach notification] need to be addressed, but the bottom line is many covered entities and business associates have consistently failed to comply with the HIPAA Security Rule," Apgar says. "I find this over and over when conducting compliance audits."
And it's not as if HIPAA Security Rule compliance is all technical. The most significant risk, and the largest section of the security rule itself, is administrative safeguards.
"You can have the best technical security infrastructure in the industry, but that will not adequately protect against breaches and carelessness," Apgar says. "This is another reason why training and policies and procedures are so important."
- New G-Codes to Pay Doctors for Broad Array of Non-Face-to-Face Care
- CMS Sets 2014 Pay Rates for Hospital Outpatient and Physician Services
- States Rejecting Medicaid Expansion Forgo Billions in Federal Funds
- Douglas Hawthorne—A Chance to Do Something Big
- Why You Should Involve Patients in Nursing Handoffs
- Not-for-Profit Hospitals Find Opportunity Amid Uncertainty
- Telehealth Improves Patient Care in ICUs
- The 5 Biggest Healthcare Finance Trouble Spots
- 'Country Doctor of the Year' Embraces Challenges of Rural Medicine
- Substance Abuse Resurfaces Among Anesthesiologists in Training