Know your 5010 from your ICD-10
|
On Monday, February 22, 2010, the federal government, through the Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS), began enforcing the Breach Notification Rule for breaches occurring on or after that date. The Breach Notification for Unsecured Protected Health Information; Interim Final Rule, was published in the Federal Register on Monday, August 24, 2009 [74 FR 42739-42770] and was effective September 23, 2009. Since September 22, 2009, 36 breaches affecting 500 or more individuals have been reported to OCR. The total number of individuals affected was 1,073,657, with two of the breaches involving 359,000 (FL) and 500,000 (TN), as reported.
|
|
Today, Wednesday, February 17, 2010, Business Associates of Covered Entities must be able to demonstrate that they are in compliance with administrative, physical, and technical safeguards of the HIPAA Security Rule, as required by the HITECH Act, enacted one year ago today as part of the American Recovery and Reinvestment Act of 2009. In addition, Business Associate Agreements must be rewritten or amended to specifically require a Business Associate's compliance with the Security Rule as part of its "satisfactory assurances." Financial penalties for noncompliance discovered during a compliance audit or complaint investigation could be severe, especially for willful neglect.
|
|
Three new HITECH Act Rules go into effect in February: Business Associate compliance with, and subject to penalties for violations of the HIPAA Security Rule, on February 17, 2010; Covered Entity Health Care Provider compliance with a restriction on PHI Disclosure to a Health Plan when a patient pays in full out of pocket at time of service, on February 18; and Enforcement of the Breach Notification Rule for failure of a Covered Entity and/or Business Associate to provide the required notifications for breaches discovered on or after the enforcement commencement date, February 22, 2010.
|
|
Less than one month to go: Business Associates must comply with the HIPAA Security Rule no later than Wednesday, February 17, 2010. Here are relevant provisions from the American Recovery and Reinvestment Act, which included HITECH Act Subtitle D: Privacy.
|
|
HHS published today in the Federal Register: "Medicare and Medicaid Programs--Electronic Health Record Incentive Program; Proposed Rule." 75 FR 1844-2011. Comments on this Notice of Proposed Rulemaking (NPRM) may be submitted to HHS no later than March 15, 2010.
|
|
HHS published today in the Federal Register: "Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology" 75 FR 2013-2047. This Interim Final Rule (IFR) is effective February 2, 2010. Comments on the IFR may be submitted to HHS no later than March 15, 2010.
|
|
From now through early December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline.
|
|
From now through December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline.
|
Syndicate this site
Sign up for email updates
Follow HIPAA.com on Twitter
