COMPLIANT WITH HITECH BREACH MANDATES?
Covered entities and business associates that hold, use or disclose “unsecured PHI” now have a legal duty to notify certain parties in the event of a “breach.” Currently, a covered entity is not required to notify individuals of privacy or security breaches unless the covered entity determines that such notification is necessary to mitigate damage to the individual.
The term “breach” means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information. Sec. 13400. Definitions. American Recovery and Reinvestment Act of 2009
If a breach occurs, a covered entity must notify each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed. Business associates of covered entities must, after discovery of a breach, notify the covered entity of a breach and let the covered entity know the identification of each individual whose unsecured PHI has been, or is reasonably believed to have been, accessed, acquired, or disclosed.
A breach is considered to be “discovered” as of the first day on which the breach is known. Typically, written notice describing the breach must be made “without unreasonable delay” and it must occur within 60 days of the discovery of the breach.
WANT TO LEARN MORE ABOUT THE HITECH ACT AND HIPAA? Contact Steve.Ferrick@ecfirst.com or call 1.877.899.9974 x14 to schedule an executive brief exclusively for your organization to address State regulations, U.S. federal regulations such as HIPAA and the new HITECH Act and international standards such as the ISO 27000 series.
ARE YOU IN COMPLIANCE WITH CALIFORNIA OR MASSACHUSETTS' NEW SECURITY REGULATIONS?
Schedule a tailored 60-minute webinar with cyber security and compliance expert Ali Pabrai to examine the mandatory requirements of several California security regulations including SB 1386, AB 1950, AB 1298, AB 211, SB 541 and others or the Massachusetts 201 CMR 17.00. New regulations will result in organizations establishing a comprehensive security program to meet mandates. Pabrai will step through frameworks that may be applied to enable your organization to comply with numerous California or Massachusetts’ requirements for protecting personal information. For more information, please visit www.ecfirst.com. To bring this program to your site, please contact John Schelewitz at 1.480.663.3225 or email him at John.Schelewitz@ecfirst.com.
HIPAA CERTIFICATION ONLINE UPDATED WITH NEW HEALTHCARE PRIVACY & SECURITY MANDATES
Learn about key aspects of the new HITECH Act (economic stimulus bill recently enacted) and the HIPAA regulation including Transactions and Code Sets, Identifiers, Privacy and Security. HIPAA Academy, the industry’s gold standard for HIPAA training, certification and consulting, has made available on-line the content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified HIPAA Security Specialist (CHSS).
Recent clients include many hospitals, long term care organizations, BCBS, several business associates and leading firms such as Microsoft, McKesson, Symantec, IBM, HP, E&Y, Kaiser Permanente and many others. Review the content and take the exams on-line. Get certified on-line with the HIPAA Academy. For details, please visit www.HIPAAAcademy.Net