Business Counsel Services

HITECH Expansion of HIPAA-Are you Compliant?

On February 17, 2009, the Stimulus Bill was signed into law primarily to stabilize the struggling economy by creating jobs and assisting those affected by the recession. Quietly, an­other significant set of provi­sions were included called the Health Information Technology for Economic Clinical Health ("HITECH") Act, addressing the protection of electronic protected health information ("PHI"). It is important to be aware that the HITECH Act requirements became effective on February 17, 2010.

 Essentially, the HITECH Act expands the Privacy and Secu­rity Rules of the Health Insur­ance Portability and Account­ability Act of 1996 ("HIPAA") to directly apply to business associates (previously done through contracts) and adds some additional notification requirements. The specific requirements were previously discussed in detail in the arti­cle titled "It's Not Just About the Money – How the New Stimulus Bill Expands HIPAA Privacy and Security Require­ments," published in the May 2009, Volume 6, Issue 2, Set­tlePou Newsletter. It should be noted that CPAs, lawyers and business consultants or any other business that ac­quires PHI are included within the scope of the definition of "business associates" and, therefore, must implement the statutory safeguards, poli­cies and procedures to pro­tect the PHI they are receiving from covered entities. This requires that business associ­ates develop and implement a HIPAA policy as of February 17. 2010. So if you have not developed a HIPAA policy you are not in compliance!

 Applicable individuals and businesses should have already initiated efforts to determine if their privacy and security procedures are in compliance with the new rules and ad­dress any deficiencies accord­ingly.

 By Michael S. Byrd and Bradford E. Adatto

Leave a Reply