Whether you’re a covered entity, business associate, government organization, or
simply concerned with the privacy of Electronic Protected Health Information (ePHI),
learning about HIPAA and HITECH is a necessary and important first step toward compliance.
The health care industry and its business associates face significant challenges
in meeting the new compliance requirements resulting from the Health Information
Technology for Economic and Clinical Health (HITECH) Act. In fact, this legislation
now imposes the most significant set of new health care privacy and security obligations
since the initial adoption of the Health Insurance Portability and Accountability
Act (HIPAA) Privacy Rule in 1996.
The changes provide substantial new authority for increased and additional penalties
for HIPAA violations, extend the effective reach of HIPAA coverage to business associates,
change certain use and disclosure rules, and create additional individual rights.
They also will force organizations to reevaluate their overall privacy compliance
programs and implement more effective information security practices, including
encryption wherever possible.
Healthcare organizations and their business associates need to be mindful of the
critical role email plays in their day-to-day operations. The insecure nature of
email, combined with its inherently high volume of traffic, makes it a particularly
susceptible area for HIPAA-related violations. This reliance on email should place
it at the top of the healthcare compliance checklist.