
HIPAA Tip

The HIPAA Tip is emailed regularly each month. In it you will find valuable information to ensure you are current on the latest news, trends and regulatory issues surrounding HIPAA. Subscribers total over 2,500.

If you're looking for assistance in HIPAA compliance training solutions, please contact:


Ali Pabrai, Security+, CISSP,
CHP, CSCS
ecfirst.com/HIPAA Academy,
Chief Executive
www.HIPAAAcademy.Net

August 12, 2009

HITECH Data Breach Discovery & Notification

Data breaches introduce a significant risk to hospitals and health systems. The HITECH Act in particular requires healthcare providers, payers and clearinghouses (Covered Entities) and Business Associates to start reporting breaches not only to patients, but also to the U.S. Department of Health and Human Services (HHS) and the media, depending on the number of individuals affected by the breach. This is a sweeping change for the industry.

According to The Wall Street Journal (February 2, 2009):

  • Cost of data breach rose to $202 for each compromised record
  • Average cost of healthcare breach was $282 for each record
  • Average expense to an organization was $6.6 million
  • Vast majority caused by negligence
  • Portable devices and laptops are responsible for a growing number of breaches

The term "breach" means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.

The HITECH Act introduces specific requirements for business associates to report breaches by a covered entity. Business associates that violate the HIPAA Security Standards or the required terms of their business associate contracts will now be subject to the same civil and criminal penalties as covered entities.


Is your organization prepared to address the data breach notification requirements of the HITECH Act?

To address the policy requirements of the data breach section of the HITECH Act, organizations need to:

  1. Develop a tailored Data Breach Discovery Policy
  2. Develop a tailored Data Breach Notification Policy for patients (clients), HHS and the Media.
  3. Develop a tailored Data Breach Management Policy
  4. Work with the Director of Compliance and IT to discover, document, and turn over a Data Breach Technical and Operational Procedure
  5. Identify current capabilities to detect an EPHI Data Breach, document those, and recommend improvements
  6. Provide staff with a training program about critical data breach requirements and associated policies.

Contact John Schelewitz of ecfirst at +1.480.663.3225 or John.Schelewitz@ecfirst.com to discuss compliance with State regulations as well as the HITECH Act and HIPAA. Talk to ecfirst about their exclusive Managed Compliance Services Program (MCSP) to address HITECH, HIPAA, and State mandates.


Compliant with HITECH Data Breach Mandates?

Join our webcast Friday, September 4

HITECH Data Breach requirements for discovery and notification introduce a risk to organizations that must be addressed. With enforcement dates fast approaching, it is critical for organizations to develop policies, procedures, and processes to address data breach mandates.

Join cyber security and compliance expert Ali Pabrai for this fast-paced, fact-loaded, 60-minute webcast.

To register, please visit www.ecfirst.com