|
Featured Article
|
This month's featured article is entitled "Understanding HITECH / HIPAA Risk Management Frameworks." This begs the question, what is a framework, and more specifically in this context, a legal / compliance analytical framework?
The short answer is that it is a way to "attack" a particular problem or issue. Analytical frameworks have been widely adopted across industries, ranging from legal to technology, and almost any domain you can think of in between. For good background information on analytical frameworks click here (ignore the jargon and read between the lines for the essence).
Analytical frameworks, from our perspective, are most useful when an individual (or organization) is confronting a difficult problem that is either entirely new or for some reason has taken on additional complexity. Frameworks provide guidance regarding how to think through and solve a problem, based upon the experience of others. An analytical framework is not a cookbook methodology or solution (there are no cookbook solutions to wicked problems), but rather a kind of roadmap from a fellow traveler who has previously crossed the same (or similar) territory.
Our HITECH / HIPAA Risk Management Frameworks are intended to deliver guidance, including tools, techniques, templates, and other reusable components that help you navigate, and make sense out of, this new terrain. They are intended as knowledge transfer vehicles that allow you to derive the HITECH / HIPAA compliance solution that works within your organizational context.
Additional, more in-depth coverage of our frameworks will be provided in our HITECH Risk Management Webinar Series. For an introduction to HITECH / HIPAA frameworks, listen to this podcast.
|
FAST Track to HITECH Act Compliance: A Roadmap
|
The Health Information Technology and Clinical Health Act (HITECH) has a profound impact on health care payers and providers. The regulation was enacted on February 18, 2009. Although the regulation does not fundamentally change the Health Information Portability and Accountability Act (HIPAA) requirements for safeguarding protected health information (PHI), it extends the jurisdiction of the original HIPAA statute from "covered entities" to "business associates." It also offers strong penalties and enforcement procedures which require immediate attention since various provisions of the act are already in effect and are enforceable. The Health and Human Services Department effective enforcement dates for various provisions and other significant deadlines are regularly updated on their website. Appendix A provides the original timeline for expected release dates.
The HITECH Act also stipulates specific breach notification requirements should an unauthorized disclosure of "unsecured" protected health information take place. Further, it stipulates specific fines and other penalties based on the nature and gravity of the breach.
The focus of this paper is to identify what we need to do to secure and to protect "protected health information" so even if there is a loss of data or an unauthorized access, the data is protected and not subject to the act's penalties. To facilitate compliance with the act's new requirements, we need to identify relevant provisions and compliance requirements, understand the act's jurisdiction and application, and identify the consequences of an unsecured PHI breach, including breach disclosure requirements and potential penalties. We also need to identify processes and methods that properly protect PHI. This will be the foundation of our strategy and roadmap to get on the fast track to HITECH Act compliance. First, let's review the current state of HIPAA and the enforcement of its provisions.
|
|
Join Our Mailing List
|
Interested in staying current on HITECH / HIPAA compliance issues? Click the join our list link above and receive your own copy of the newsletter on the first business day of each month.
Also, if you are interested in "jumpstarting" your compliance efforts then check out our HITECH / HIPAA Risk Management Webinar Series. Also, if you need to compare EHR software offerings click here.
|
|
Dear Carlos,
Welcome to the December 2009 HITECH/HIPAA Compliance Newsletter. The featured article this month is entitled: "Understanding HITECH / HIPAA Risk Management Frameworks." These frameworks are targeted to executives and others who require strategic guidance during these uncertain times.
Now that the healthcare marketplace is starting to recognize the scope and magnitude of the HITECH Act, we felt it was necessary to take a step back and provide executive management teams (and other mission critical management staff) our perspective on how to move forward in a responsible and rigorous manner, especially in this highly competitive economic environment that mandates effective cost control. In short, how can an organization achieve HITECH / HIPAA compliance without breaking the bank?
The November Issue completed our in-depth review of the HIPAA Security Rule. The previous two issues are foundational with respect to development of a "Security Rule framework," a framework that will be covered (and distributed) in an upcoming HITECH Risk Management Webinar (date TBD). This month's issue focuses on defining our framework approach: one that targets significant movement along the compliance continuum within well-defined roadmaps. This month also features a guest article by Lester E. Flammer, Managing Partner of the Vantage Group, LLC.
Lester's article is appropriately titled "Fast Track to HITECH Compliance: A Roadmap." It covers both an overview of the HITECH Act as well as substantive details regarding best practices for securing PHI. A robust data encryption strategy and implementation is imperative for organizations that want to prevent (more likely significantly mitigate) security incidents that trigger notification. A breach notification analytical framework will be discussed in a future issue of this newsletter.
Our focus from the outset has been to provide actionable information to our readers. In short, "news you can use." We received positive feedback regarding this approach at the recent World Health Care Congress Leadership Summit on HITECH and HIPAA Compliance. Our presentation slides of "Meaningful Use Under HITECH" can be found here. A summary of President Bill Clinton's keynote can be found here and here.
|
HSG Announcements
|
The authors of the HIPAA Survival Guide (HSG) are pleased to announce the launch of our HITECH / HIPAA Risk Management Webinar Series.
The series will continue our "news you can use" approach. We will be making available HITECH / HIPAA compliance roadmaps, project plans, templates and other useful and actionable intellectual property. These tools and analytical frameworks form the cornerstone of our H2 Compliance Scorecard℠ offering, an audit methodology that helps covered entities and business associates baseline their compliance status and correct compliance gaps iteratively over time.
Each Webinar is priced at $99.95 per attendee and comes with a 100% satisfaction or money back guarantee. Simply stated, if we don't deliver on the promise you get your money back (request must be made within five business days post webinar), no questions asked. To register click here.
Also, we are happy to announce the availability of a FREE EHR Checklist. An EHR implementation remains a "wicked problem" due to the convergence of law, policy and technology, as well as the related people, process and platform issues triggered by same. As veterans of the technology industry, the authors of HSG are committed to presenting a holistic view of the problem space. If you would like to read more regarding the authors' views on HIT and compliance click here and here.
Finally, HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers, both large and small, return to HSG again and again. HSG provides HITECH / HIPAA commentary and the ability to read the full text of the statute and regulations online. For more information regarding advertising with us click here or send an email to info@digitalbusinesslawgroup.com with the subject line of "HSG Advertising Inquiry."

|
|
Understanding HITECH / HIPAA Risk Management Frameworks
|

The HITECH Act is a transformative piece of legislation. The challenges that it presents to the health care industry are daunting, because it anticipates a massive expansion in the exchange of electronic protected health information (ePHI). The HITECH Act also widens the scope of privacy and security protections available under HIPAA; it increases the potential legal liability for non-compliance; and it provides for an enhanced enforcement regime. Essentially, it dramatically alters health care's regulatory compliance landscape in a manner few in the industry are prepared to deal with.
Many (if not most) industry players are in a state of denial. When reality finally hits it will likely lead to analysis / paralysis, as the industry falls back to its default mode of studying the problem into oblivion. However, the policy goals of the Obama administration and forces at work in the marketplace render the default approach unacceptable and unwarranted. A significant number of the technical challenges now facing the industry have already been solved in other domains and many best practices from these experiences can be imported and adapted. That said, due to a number of factors, including health care's lagging adoption of enabling technologies and its inherent complexity, the challenges the industry faces are quite unique, both in number and in kind.
The compliance continuum depicted above is our metaphor for the iterative process required to achieve the aspirational goal of full compliance. The reality is that almost universally, organizations will have to settle for building a good compliance story, since the economic reality of budgetary and resource constraints will make even this objective a challenging one, regardless of an organization's size. Our analytical frameworks (see the introduction to this article in the left sidebar) are intended to move an organization along the compliance continuum in a practical and effective manner, keeping in mind that compliance risk is only one of many that the industry now confronts.
Depicted below are the HITECH / HIPAA analytical frameworks that we will discuss in this issue. This is not an exhaustive list of possible frameworks, although that said, it does cover significant ground. Each framework will be discussed at a high level, with subsequent issues of the newsletter providing more detail on each.
As discussed in the sidebar, our HITECH / HIPAA Risk Management Webinar Series will explore each framework in even more detail. Each webinar will cover a specific framework and provide additional tools and techniques that will allow an organization to "jumpstart" its HITECH / HIPAA compliance efforts. For reasons previously discussed in this article, it is a given that not all frameworks will be fully implemented during the first iterative cycle. Therefore, the webinar series will also "drill down" on how to get the most bang for your compliance dollar, and how to avoid a finding of "willful neglect."
|
|
About Us
|
|
We help companies safely and securely do business on the web, in accordance with applicable law. How? By helping them reduce risk. Privacy and security compliance issues are merely a subset of legal issues that online businesses face. This is equally true for eCommerce sites as it is for healthcare providers, facilities, and vendors.
We take a partnering and collaborative approach in our legal practice. If you would like to see specific topics covered in this newsletter then please let us know.
Sincerely,