HITECH Regulations and Compliance
Title XIII of ARRA, also known as
the Health Information Technology for Economic and
Clinical Health Act (HITECH Act), reserves $22
billion to "advance the use of health information
technology" -- in large part so the U.S. will be able to
move to e-health records by a 2014 deadline.
The HITECH Act includes a number
of measures designed to broaden the scope and increase
the rigor of HIPAA compliance. New updates to the law
are added on a regular basis. In terms of the management
and protection of PHI data, five key areas are
especially important.
- Increased responsibility for Information Security
Officers (Electronic Communication): The HITECH Act
requires proactive administrative management of all
users who have access to or connect to the chosen
communication system. The authority, responsibilities
and roles of the Information Security Officer are
significantly increased. Actions taken by the
Information Security Officer are required to have an
audit trail.
- Proactive enforcement: The HITECH Act requires
periodic audits to ensure that covered entities and
business associates are in compliance with the
requirements of the HITECH Act. If required technology
is not in place by 2015, these incentives turn into
penalties and payment cuts.
- Extension of HIPAA rules to business associates: The
new law basically extends HIPAA privacy and security
requirements to cover the business associates of
covered entities. These business associates can include
health information exchange organizations and regional
health information organizations. In effect, these
associates are now subject to the same requirements
for PHI data security as covered entities.
- Stricter requirements for breach notifications: The
HITECH Act requires that patients be notified of any
unauthorized acquisition, access, use, or disclosure of
their unsecured PHI that compromises the privacy or
security of such information.
- Encryption as a recognized methodology for protecting
PHI: The HITECH Act requires the Secretary of HHS to
issue guidance specifying the technologies and
methodologies that render protected health information
"unusable, unreadable or indecipherable" to
unauthorized persons. HHS guidance identifies two
encryption processes recognized by the National
Institute of Standards and Technology (NIST) as
rendering protected health information unusable,
unreadable or indecipherable.
Axcension HIPAA HITECH Compliance Solution
Axcension's Data Security
delivers dual value for HIPAA Security, HIPAA
Privacy and HITECH Breach Disclosure Safe
Harbor, enabling covered entities to:
- Gain safe harbor from HITECH data breach
disclosure through meeting DHHS, FTC,
HITECH and NIST 800-111 requirements
- Quickly, in as little as 5 days, implement high
performance, transparent encryption
and access control for databases, files,
content management systems, and other stored
electronic patient health records
- Obtain strong separation of duties and mitigate
insider threat
- Implement HIPAA Security-mandated
access controls and addressable
encryption requirements
- Lower overall cost through ease of key
management and rapid implementation