Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HITECH / HIPAA Compliance Newsletter August 2009

HIPAA Compliance is a Team Sport:  Is your team HITECH ready?

  August  2009 Issue No. 1
In This Issue
HITECH/HIPAA and Meaningful Use: Part V
Featured Article
This month's featured article sets the stage for the series by providing background information regarding the HITECH Act and introducing the key aspects of HITECH's enhanced HIPAA enforcement regime.

It will also discuss why HITECH/HIPAA compliance is a "wicked problem" and introduces the likely regulatory challenges that providers and facilities will face in meeting the meaningful use requirements.
Quick Links
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the join list link above and receive your own copy of the newsletter on the first business day of each month.

Please feel free  to share the newsletter with colleagues that might find the information useful.
Other Resources

DBLG Logo White
Dear Subscriber,

Welcome to the August 2009 HITECH/HIPAA Compliance Newsletter. The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part I." It is the first in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment.
Compliance with HIPAA's Privacy and Security Rules are now part of HHS's "meaningful use" definition, which, as a practical matter, means that providers and facilities found to be non-HIPAA compliant may not get paid their electronic health record (EHR) incentives under HITECH. That, coupled with HITECH's enhanced HIPAA enforcement regime, is likely to transform HIPAA from a paper tiger to legislation that is actively enforced.

We are now actively promoting what we believe to be is the best of breed HIPAA compliance tracking system ("CTS") on the market. We performed a significant amount of due diligence over the last couple of years and this is the one solution that is clearly ahead of the pack and economically priced to be within the reach of even the smallest covered entities and business associates. To see a demo of the product click here.

We are also pleased to announce the availability of our Breach Notification Framework. Section 13402 of the HITECH Act requires that HIPAA covered entities and their business associates provide various notifications following a breach of unsecured protected health information. Our Breach Notification Framework offers guidance for complying with HITECH's Breach Notification requirements.

Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility.
Contract DraftingWe continue to be excited regarding the marketplace feedback of our Business Associate Agreement: a HITECH Ready Model Contract (Buy Now). 

The HIPAA regulations and the HITECH Act mandate that a CE establish a written contract with a BA in a number of instances, including whenever a BA "manages" PHI on behalf of a CE. Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause. 

Our Model Business Associate Contract, Roadmaps, and other offeringsare now available in the HSG Store.
HITECH/HIPAA and Meaningful Use: Part I
Venn Diagram Intersection HIPAA HITECH MUSince we first co-authored the HIPAA Survival Guide, HHS has provided key guidance regarding the definition of meaningful use under the HITECH Act. Compliance with HIPAA's Privacy and Security Rules is now an integral part of the meaningful use definition. It is also part of the 2011 meaningful use objectives. Providers and facilities must ensure adequate privacy and security protection for personal health information if they expect to receive HITECH EHR incentive payments.

HHS' HITECH meaningful use definition can be broken down into three principal components: 1) five policy priorities; 2) care goals; and 3) a set of objectives and measures for each two year window (2011, 2013, and 2015). Lost in much of the HITECH discussion to date are the transformational privacy implications of HITECH's Subtitle D-Privacy, which provides the central point of intersection between HITECH, HIPAA and meaningful use. Compliance with Subtitle D is therefore critical with respect to providers and facilities receiving ARRA's promised EHR incentives.

In short, in order to understand the non paper tiger HIPAA you must understand Subtitle D. The remainder of this article will highlight key sections of this Subtitle and provide an explanation as to why HITECH/HIPAA compliance is a "wicked problem."
About Us
We help companies safely and securely do business on the web in accordance with applicable law. How? By helping them reduce risk. Privacy and security compliance issues are merely a subset of legal issues that online businesses face. This is equally true for eCommerce sites as it is for healthcare providers, facilities, and vendors.

Contact us today