Thursday, June 18, 2009

Five Point HITECH Prep Plan

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) compliance deadline is September 18, 2009. The law sets new health privacy requirements, including a breach notification mandate and a broader definition of "personal health information" (PHI). In an article for CSO, ID Experts Chief Security Officer Rick Kam outlines steps organizations can take toward compliance. Among others, Kam recommends conducting a risk-based assessment, securing PHI, and planning for breach detection and response. "[The Act] will likely affect every aspect of your operations...," Kam writes. "With increasing risks, a better understanding of the compliance process will benefit your patients, your employees and your business."

2 comments:

Anonymous said...

This article is wrong in two instances. I quote a comment left on the article, "There are a few inaccuracies in this article. The "PHI" under HIPAA and the HITECH Act stands for protected health information, not personal health information. Also, HITECH does not "widen the definition of what PHI must be protected". It specifically adopts the HIPAA definition of PHI (see. s. 13400 (12) of HITECH.)

As compared to HIPAA, the HITECH Act does not result in "lower thresholds, shorter timelines and stronger methods for data breach victim notification" because the original HIPAA privacy and security rules were silent on breach notification.

The true range of penalties under HITECH is from $100 - $1.5 million. They do not start at $25,000 as stated in the article."

I have checked into this and this person is correct.

AMIT said...

I don't know much but it's a nice post.
