How the HITECH Act Impacts a Business Associate
General

How the HITECH Act Impacts a Enterprise Affiliate

HIPAA compliance necessities have been enormously modified with the American Restoration and Reinvestment Act (ARRA) and its Title XIII known as the HITECH (Well being Data Know-how for Financial and Medical Well being) Act. With the introduction of this new legislation, enterprise associates are actually accountable for the privateness and safety necessities that beforehand had been required solely by lined entities. As well as, a enterprise affiliate is now topic to civil and felony penalties. This additionally features a provision that lets sufferers obtain monetary compensation for a violation of their privateness.This new federal legislation has added power to the enforcement portion of the legislation. The numerous adjustments embody:Workers and different workforce members, together with unbiased contractors, are actually topic to civil penalties. Because of this people are additionally now accountable legally.
There’s a requirement for HHS to formally examine any complaints and to impose civil penalties for violations of the principles if the violation is because of “willful” neglect.
The legislation requires that any civil financial penalties or financial settlements because of a violation of the principles be despatched to the Workplace of Civil Rights (OCR) for enforcement of the privateness and safety guidelines.
Civil financial penalties now have a tiered system starting from $100 to $50,000 relying on the offense.
The Secretary of HHS is required to conduct periodic audits to make sure that lined entities and enterprise associates are compliant with the brand new guidelines.
The State Attorneys Common now have the authority to carry swimsuit in district courts for any violation on behalf of the residents of their state.What Steps Ought to a Enterprise Affiliate Take to make sure you’re Compliant?Step one is being certain you’re correctly categorised. For instance, in case you are an unbiased contractor working for a service and never straight contracting with a lined entity, that most likely means you aren’t a enterprise affiliate, however an agent or subcontractor of a enterprise affiliate. It can be crucial, nonetheless, for unbiased contractors to grasp in case your contract is straight with the lined entity, that makes you a enterprise affiliate and all the new legal guidelines do apply to you.Some issues you must contemplate embody:Assigning accountability for compliance to at least one particular person. When you can have a workforce engaged on compliance points, one particular person have to be named because the compliance officer and be accountable. This doesn’t should be an worker and you should utilize a guide if that works finest for you, nonetheless, it’s vital that you’ve got this particular person recognized.
Encryption of all digital recordsdata. The HITECH Act has made the usage of encryption the one factor that gives a “safe harbour” for not having a breach. Knowledge that isn’t encrypted is taken into account unsecured in keeping with the legislation. When you might already be utilizing encryption for information transfers, this legislation additionally requires that data be encrypted whereas “at rest.” This will require that you simply add encryption to all digital recordsdata which can be saved anyplace in your system. In case you are in medical transcription, do not forget that this can even embody the voice recordsdata saved on any dictation system. The Secretary of HHS will evaluate these requirements yearly for any adjustments.
Breach notifications. Whereas HIPAA has at all times required {that a} enterprise affiliate notify their consumer of any breaches of  data, the legislation now makes you answerable for being certain the notification is finished. A breach is outlined as acquisition, entry, use or disclosure of unsecured PHI that isn’t permitted underneath HIPAA and that compromises the privateness or safety of the data. Keep in mind that unsecured information means unencrypted. Documentation of breech notifications have to be stored for six years.
Make sure you’re compliant with each the privateness and safety guidelines. There are numerous factors to contemplate in these guidelines. You could have written insurance policies and procedures. You could have a written threat evaluation completed. You additionally should have a contingency plan in place for any type of enterprise disruption. Your programs even have to supply audit trails for who accesses protected well being data.
Notice you’re answerable for the actions of your workforce. The foundations require coaching of the workforce, which have to be completed and documented. In case you have distant employees, this may be extra of a problem, however it’s potential.
One other important change is that enterprise associates are actually answerable for making an attempt to cease any violations by the lined entity (their consumer). This consists of issues even as much as canceling your contract with a consumer who refuses to repair a violation or prefers to disregard the legislation. Each events are answerable for doing this for the opposite, and this might very effectively change a few of the relationships you at present have together with your shoppers.
Documentation. Keep in mind, it is all about being certain you may have issues documented. Use the rule of thumb that claims “if it’s not documented, it wasn’t done.” It’s now not acceptable to only say you’re compliant. You could have written documentation to indicate that you’ve got completed all the required steps.The adjustments which have come because of the HITECH Act definitely have a big effect on enterprise associates. The date for compliance is previous. If you have not taken the required steps, now’s the time to do it.