HITECH means keeping your PHI secure.
Looking to take advantage of the incentives around 'Meaningful Use' of certified EHRs? Don’t forget security, or these incentives could be replaced by significant fines and damaging negative publicity. In the past, HIPAA security enforcement has been somewhere between lax and non-existent. HITECH looks to change that.
As part of the ARRA, the HITECH Act of 2009 introduced incentives for the adoption of EHR. It also increased the potential liability for non-compliance and significantly enhanced the enforcement of the existing HIPAA security standard.
- The use of a certified EHR in a meaningful manner, such as e-prescribing.
- The use of certified EHR technology for electronic exchange of health information to improve quality of health care.
- The use of certified EHR technology to submit clinical quality and other measures.
Subtitle D of the HITECH Act addresses important new rulings surrounding transmission of health information on your networks. This section strengthened the potential civil and criminal punishments for HIPAA compliance failures and must be taken seriously by all organizations.
- Fines increased from a cap of $25,000 (2009 and prior) to a cap of $1,500,000 (now).
- $250,000 extending to $1,500,000 for 'Willful Neglect'.
- State Attorneys General may now bring action, not just HHS.
Do you know if you have had a breach? Some reports, such as the Ponemon Institute Third Annual Study on Patient Privacy, have found that up to 45% of healthcare organizations in 2012 had more than 5 breaches, with only 6% of organizations not having any breaches.
- Breach Notification mandates public patient notification within 60 days in the event of a suspected breach.
- If over 500 residents of a state have been affected, you must notify the media and the Secretary of HHS regarding the breach.
- Applies to unauthorized uses and disclosures of 'unsecured PHI'.
Compliance and data security go hand in hand.
Technology continues to advance in the healthcare industry, and it is showing no signs of stopping. HIPAA and now HITECH require a level of security that must be adhered to in order to maintain the privacy and integrity of patient information. Breaches can cost hundreds of dollars per record (Verizon 2012 DBIR) when compliance recommendations for safe harbor have not been met.
Make sure that your business needs are aligned with the security requirements that HIPAA and HITECH have put forward so that you don't fall prey to a malicious attacker or an accidental loss of private data forcing a data breach notification. Whether you're just starting to build a HIPAA-compliant infrastructure or have a well-established network, it's never too soon to get started on being fully compliant.
Stacking up to others
By leveraging peer comparison with successful HIPAA-compliant infrastructure similar to your own, you can be assured that your private information is secure.
Make sure current methods work
Evaluating the effectiveness of your existing information security capabilities is paramount to keeping your data secure and being compliant.
Compliance is more than just policies
By focusing on the subtle details, from access controls to infrastructure cabling, you can be sure that you're wholly secure.
Our team is yours
NetWorks Group senior auditors have years of experience investigating compliance gaps and developing plans to remedy any issues found.
Our approach to HIPAA compliance
The stakes are high, and NetWorks Group can help your organization minimize the risks associated with HIPAA compliance. Our experienced auditors will help you assess your current risks, remediate any gaps that are found, and manage any ongoing risk.
We perform an in-depth review of technical controls and policies, physical controls, and contracts for third-party compliance, and map those areas to security standards for HIPAA best practices.
The Big Picture
Within the final report, NetWorks Group provides a matrix for all of the findings and the level of risk that each finding carries for you.
Remediation That Makes Sense
We provide a detailed remediation roadmap on how to fix gaps, and our network and security engineering teams can help implement those fixes.