Internet Lawyer: DBLG:

HITECH / HIPAA Compliance Newsletter August 2009

HIPAA Compliance is a Team Sport: Is your team HITECH ready?

August 2009

Issue No. 1

In This Issue

Featured Article

This month's featured article sets the stage for the series by providing background information regarding the HITECH Act and introducing the key aspects of HITECH's enhanced HIPAA enforcement regime.

It will also discuss why HITECH/HIPAA compliance is a "wicked problem" and introduces the likely regulatory challenges that providers and facilities will face in meeting the meaningful use requirements.

Quick Links

Understanding Subtitle D
HITECH Subtitle D (online)

HIPAA Survival Guide Download
HIPAA Survival Guide Online
Healthcare & Technology Blog
HITECH / HIPAA / Cyberlaw Blog
Why a HITECH / HIPAA Audit?

Join Our Mailing List

Interested in staying current on HITECH / HIPAA compliance issues? Click the join list link above and receive your own copy of the newsletter on the first business day of each month.

Please feel free to share the newsletter with colleagues that might find the information useful.

Other Resources

HHS Privacy Rule Portal

HHS Security Rule Portal

HHS HIT Portal
HHS National Health Info Net (NHIN)
Office of National Coordinator (ONC)
HITSP: Healthcare IT Panel
CDT: Health Privacy
CCHIT : Certification Commission HIT
National eHealth Collaborative
American National Standards Institute

Dear Subscriber,

Welcome to the August 2009 HITECH/HIPAA Compliance Newsletter. The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part I." It is the first in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment.

Compliance with HIPAA's Privacy and Security Rules are now part of HHS's "meaningful use" definition, which, as a practical matter, means that providers and facilities found to be non-HIPAA compliant may not get paid their electronic health record (EHR) incentives under HITECH. That, coupled with HITECH's enhanced HIPAA enforcement regime, is likely to transform HIPAA from a paper tiger to legislation that is actively enforced.

HITECH/HIPAA and Meaningful Use: Part I

Venn Diagram Intersection HIPAA HITECH MU

Since we first co-authored the HIPAA Survival Guide, HHS has provided key guidance regarding the definition of meaningful use under the HITECH Act. Compliance with HIPAA's Privacy and Security Rules is now an integral part of the meaningful use definition. It is also part of the 2011 meaningful use objectives. Providers and facilities must ensure adequate privacy and security protection for personal health information if they expect to receive HITECH EHR incentive payments.

HHS' HITECH meaningful use definition can be broken down into three principal components: 1) five policy priorities; 2) care goals; and 3) a set of objectives and measures for each two year window (2011, 2013, and 2015). Lost in much of the HITECH discussion to date are the transformational privacy implications of HITECH's Subtitle D-Privacy, which provides the central point of intersection between HITECH, HIPAA and meaningful use. Compliance with Subtitle D is therefore critical with respect to providers and facilities receiving ARRA's promised EHR incentives.

In short, in order to understand the non paper tiger HIPAA you must understand Subtitle D. The remainder of this article will highlight key sections of this Subtitle and provide an explanation as to why HITECH/HIPAA compliance is a "wicked problem."