Here to discuss your legal questions.

Healthcare: HIPAA and HITECH Compliance

Healthcare professionals generate personal information on patients and there is a need to establish a set of security controls and objectives in order to handle risk management of that information.  These are quite technical and complicated but understanding the risk and being in compliance is critical for any healthcare organization.

The HIPAA (Health Insurance Portability and Accountability Act) of 1996 and the HITECH (Health Information Technology for Economic and Clinical Health) Breach Notification requirements were enacted to be sure that privacy safeguards would be in place for the personal data that is collected, stored, processed or transmitted in the process of operating a healthcare business.

Your organization will need to establish a set of security controls and objectives based on specific operations to handle risk management of this information.  You will be responsible for keeping that information safe and transmitting it to others in a safe manner.

Engaging an attorney to review the processes you are currently using will help you be sure all rules and regulations are being followed.  In addition, educating those working in these areas may also be critical to helping them understand the consequences that come to both the institution and to them personally, should they fail in being sure the organization is in compliance.  An attorney can provide that training and help them understand it’s importance.

Whatever computer program you currently use, a periodic review of your protocol can be very important from the legal perspective should a mistake be made and information not be properly protected.  Being proactive and taking the necessary steps before an error is made is critical to avoiding the penalties and data security breaches that can happen.

You are responsible to make any improvements necessary to conform to HIPAA and HITECH standards but your attorney should be part of that process, especially when an audit is required.