Compliance with the HITECH Act

Copyright (c) 2011 Joe Maldonado

The Health Information Technology for Economic and Clinical Health (HITECH) Act was signed into law in 2009. It was a part of the American Recovery and Reinvestment Act of 2009. Security and privacy concerns were beginning to surface concerning the electronic transmission of private health information. Such concerns were attended to in subtitle D of the HITECH Act. The criminal and civil execution of the HIPAA Act was reinforced by many stipulations of this act.

Section 13410(d) of the HITECH Act was officially in effect on the 18th of February, 2009. At this point Section 1176(a) the Social Security Act was revised by establishing: - Four categories of violations, each with increased levels of liability - Penalty amounts that correspond with each category, with the penalty rising at each infraction - The maximum penalty of $1.5 million can be imposed for identical violations.

Section 1176(b) of the Act was also changed by: - Removing the ban for imposing penalties when the accused entity was unaware and would have stayed that way even if they had made a reasonable effort - Banning the enforcement of penalties for corrected violations, as long as they were corrected within thirty days and the violation was not a result of willful negligence on the part of the entity in question

There is a lot that goes into protecting an individual's privacy under the HIPAA Privacy requirements. Every entity would be well advised to choose someone to be a privacy officer. This person should oversee the privacy rules that are set and practiced where they are located. The chosen privacy officer should be responsible for training any and all employees on what is considered to be standard protocol as well as any changes made to procedures. The privacy of the individual should be insured by taking several precautions. Keep in mind that there are things that can be done which are as easy as keeping patient charts closed and out of view from other patients. The only information that staff members should be allowed to access is the information they need to do their job. For example, nurses have no need to see the billing information for a patient they are treating, but another employee would need to see the billing information and not their treatment information. To help stay within the guidelines, require passwords to gain access to private information stored on computers and put locks on any cabinets or rooms containing PHI.

The range for penalties for violations is from $100-$1.5 million per calendar year of violations. The punishment will get determined based upon the extent of the violation, in addition to the amount of harm caused by the violation in reference. If you are one of the entities who are required by law to remain in compliance with the HIPAA Act, you are subject to penalties put in place by the Department of Health and Human Services as well as any criminal penalties enforced by the Department of Justice.

Comments? Questions? Email Here

© HowtoAdvice.com

How to Advice .com