Although not certified to this standard, Sungard delivers to Tier 4. For more information, please review [[Business_Express_in_Sungard]].
=== HIPAA and HITECH ===
bxp software is not currently HITECH compliant.
==== HIPAA ====
One of the goals of the Healthcare Information Portability and Accountability Act (HIPAA), signed into US law in 1996, was to make it easier for workers to continue their healthcare insurance coverage when moving from one provider to another, for example, when moving between jobs. HIPAA regulations help ensure uninterrupted coverage for patients; to provide it, healthcare organizations needed the ability to share medical records efficiently and reliably.
To facilitate the efficient transfer of records, the bill set forth standardized terminology and Electronic Data Interchange (EDI) code sets. This standardization further pushed the migration of paper-based records to electronic medical records. But the ease of transferring patient information electronically also increased the risk of private data being inadvertently exposed to unauthorized parties. In response, legislators developed security mandates to address privacy issues within HIPAA-covered entities.
There are three parts of the HIPAA privacy regulations and compliance policy that IT professionals should be focused on:
* HIPAA EDI Rule (162.1000) - HIPAA establishes standards for health information technology and the use of electronic code sets. The standardization of healthcare terminology was required to eliminate confusion among providers and insurers.
* HIPAA Security Rule (164.306) - HIPAA establishes safeguards to protect the confidentiality, integrity, and availability of the electronic protected health information (ePHI) that covered entities create, receive, maintain, and transmit.
* HIPAA Privacy Rule (164.502) - HIPAA requires healthcare organizations to protect protected health information (PHI) and defines the allowable uses and disclosures of PHI, in contrast to "de-identified" health information.
==== What is HITECH (Healthcare Information Technology for Economic and Clinical Health) ====
In 2009, as part of an effort to stimulate the U.S. economy, $787 million was allocated with the American Recovery and Reinvestment Act (ARRA), which included legislation to broaden the scope of HIPAA while also giving investigators direct monetary incentives for levying fines. The HIPAA-specific aspects of the ARRA are found in the Health Information Technology for Economic and Clinical Health (HITECH).
The three major areas of change brought about by HITECH regulations are:
1. Reach
* Before: Covered Entities: healthcare organizations
* Now with HITECH regulations: Covered Entities: expanded to business associates
2. Notification
* Before: Loose notification requirements
* Now with HITECH regulations: Strict notification requirements – 60-day requirement + public notice on website (and notifying HHS)
3. Economics
* Before: 2003-2008 – 31,000 cases reported, no one fined; in 2009, CVS fined $2.25 M
* Now with HITECH regulations: Fines up to $1.5 M / year; regulators at HHS now benefit directly from fines levied (significant uptick in fines)