AHA Solutions
Resources for Hospitals

 

HIPAA Tip

The HIPAA Tip is emailed the second, third and fourth Wednesday of every month.  In it you will find valuable information to ensure you are current on the latest news, trends and regulatory issues surrounding HIPAA. Subscribers total over 2,500.

If you're looking for assistance in HIPAA compliance training solutions, please contact:

Ali Pabrai, Security+, CISSP, CHP, CSCS
ecfirst.com/HIPAA Academy, Chief Executive
www.HIPAAAcademy.Net

HIPAA Academy's HIPAA Compliance Training Solutions have the exclusive endorsement
of the American Hospital Association (AHA).




To learn more about AHA-Endorsed products and services and the AHA Solutions Signature Learning Series, please call
(800) 242-4677 or visit www.aha-solutions.org

July 22, 2009

Addressing HITECH Data Breach Mandates

 

Covered entities and business associates that hold, use or disclose “unsecured Personal Health Information (PHI)” now have a legal duty to notify certain parties in the event of a “breach.”  

 

If a breach occurs, a covered entity must notify each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed. Business associates of covered entities must, after discovery of a breach, notify the covered entity of a breach and let the covered entity know the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed. A breach of more than 500 records must be reported to local media outlets and immediately to HHS.

 

To address the policy requirements of the data breach section of the HITECH Act, organizations typically will need to address the following capabilities and establish associated processes:

  • Develop a tailored EPHI Breach Identification and Notification Policy
  • Create EPHI Data Breach policy
  • Discover and document an EPHI Data Breach Technical and Operational Procedure
  • Identify and document current capabilities to detect an EPHI Data Breach – establish recommendations for improvement

A breach is considered to be “discovered” as of the first day on which the breach is known. Typically, written notice describing the breach must be made “without unreasonable delay” and it must occur within 60 days of the discovery of the breach.

 

Is your organization in compliance with HITECH’s Data Breach Notification mandate?

 

Contact Lorna.Waggoner@ecfirst.com or call 1.877.899.9974 x17 to discuss HITECH data breach provisions and how your organization can meet compliance mandates for HIPAA and the HITECH Act. ecfirst, home of the HIPAA Academy, offers the industry’s first 36-month managed compliance services program (MCSP) to address HIPAA and HITECH compliance requirements.

 

Webcast: Are You In Compliance with HITECH’s Data Breach Mandate? July 27 at Noon Central.

The HITECH Act requires healthcare providers, payers and clearinghouses (Covered Entities) and Business Associates to start reporting breaches, not only to patients, but also to the U.S. Department of Health and Human Services (HHS) and the media, based on the number of individuals impacted by the breach. This is a sweeping change in the industry. The HITECH Act introduces specific requirements for business associates to report breaches by a covered entity. Join expert Ali Pabrai, CISSP, CSCS and other experts to examine how best to comply with the HITECH Data Breach Mandate. Register at www.ecfirst.com.

 

Are You in Compliance with California or Massachusetts’ New Security Regulations?  

Schedule a tailored 60-minute webcast with cyber security and compliance expert Ali Pabrai to examine the mandatory requirements of several California security regulations including SB 1386, AB 1950, AB 1298, AB 211, SB 541 and others or the Massachusetts 201 CMR 17.00. New regulations will result in organizations establishing a comprehensive security program to meet mandates. Pabrai will step through frameworks that may be applied to enable your organization to comply with numerous California or Massachusetts requirements for protecting personal information. For more information, please visit www.ecfirst.com. To bring this program to your site, please contact John Schelewitz at 1.480.663.3225 or email him at John.Schelewitz@ecfirst.com.

 

HIPAA Certification Online Updated With New Healthcare Privacy & Security Mandates

Learn about key aspects of the new HITECH Act (economic stimulus bill recently enacted) and the HIPAA regulation including Transactions and Code Sets, Identifiers, Privacy and Security. HIPAA Academy, the industry’s gold standard for HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified HIPAA Security Specialist (CHSS).

 

Recent clients include many hospitals, long term care organizations, BCBS, several business associates and leading firms such as Microsoft, McKesson, Symantec, IBM, HP, E&Y, Kaiser Permanente and many others. Review the content and take the exams on-line. Get certified on-line with the HIPAA Academy. For details, please visit www.HIPAAAcademy.Net or contact Eugene Kunkle at Eugene.Kunkle@ecfirst.com.