The Health Information Technology for Economic and Clinical Health Act, known to many simply as the HITECH Act, was enacted under Title XIII of the American Recovery and Reinvestment Act of 2009 and is considered a major piece of health care legislation. Specifically, HITECH advocates the adoption of electronic health records (EHR) to create efficiency, transparency, and overall improvements in care. Many provisions within the Act require attention from various parties, particularly Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information. It's a huge goal and a large task, with untold numbers of organizations affected by the HITECH Act. Essentially, HITECH emphasizes the concept of "meaningful use", whose main components are the following:
- The use of a certified electronic health record (EHR) in a meaningful manner, such as e-prescribing.
- The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
- The use of certified EHR technology to submit clinical quality and other measures.
HITECH ACT | EHR Technology
Essentially, providers need to show they're using certified EHR technology in ways that are deemed beneficial, ultimately resulting in the following:
- Improvement of care coordination
- Reduction of healthcare disparities
- Engaging of patients and their families
- Improving the population and public health
- Ensuring adequate privacy and security
It's without question a transformational piece of legislation that advocates, dictates, and ultimately requires a significant expansion in the exchange of electronic protected health information (ePHI). For purposes of regulatory compliance, specifically with HIPAA Privacy and Security and the HITECH Act, what you need to know about is Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information, which consists of the following areas:
§ 164.400 Applicability.
§ 164.402 Definitions.
§ 164.404 Notification to individuals.
§ 164.406 Notification to the media.
§ 164.408 Notification to the Secretary.
§ 164.410 Notification by a business associate.
§ 164.412 Law enforcement delay.
§ 164.414 Administrative requirements and burden of proof.
Subpart D essentially strengthens civil and criminal enforcement of the HIPAA Privacy and Security Rules by placing strong requirements and mandates on breaches. For purposes of HITECH Subpart D, breach means the following:
"the acquisition, access, use, or disclosure of protected health information in a manner not permitted under subpart E of this part which compromises the security or privacy of the protected health information".
HIPAA Privacy | Security | HITECH Subpart D | Download Policies
Once again, as with many other regulatory compliance requirements, especially HIPAA, adherence to the HITECH Act, Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information, requires organizations to have documented policies and procedures in place, which the Global Information Security Compliance Packet (GISCP) set of documents from Flat Iron Technologies, LLC can help with. Specifically, when purchasing and downloading from Flat Iron Technologies, LLC, you'll receive hundreds of policy and procedure templates for helping organizations become compliant with various provisions of the HIPAA Privacy and Security rulings, and ultimately with the HITECH Act, Subpart D—Notification in the Case of Breach of Unsecured Protected Health Information.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850 pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.