Senate Passes American Recovery and Reinvestment Act of 2009 (ARRA)

February 11, 2009 · American Recovery and Reinvestment Act

Tuesday afternoon the Senate passed the American Recovery and Reinvestment Act, the so-called Economic Stimulus bill. Previously, the House of Representatives passed its version, H.R. 1. Now, the joint House-Senate conference committee will resolve funding and language differences in the House and Senate versions of ARRA. As we have noted earlier, each of these versions contains incentives for adoption of health information technologies, which are described in the so-called HITECH provisions of the House and Senate versions. President Obama is expected to sign a reconciled bill in the near future, assuming that the Democrats in the Senate can achieve at least 60 votes in a procedural motion to move the bill to the floor of the Senate for a vote. Once the bill is signed into law, HIPAA.com will provide a detailed analysis of funding, language, and timeframe provisions of the reconciled HITECH provisions.

In the meantime, we know that health information policy and privacy/security provisions will be included in the final version of the ARRA legislation. Accordingly, we believe that now is a good time to think about reviewing your security plan for securing electronic protected health information. Remember, this applies to all covered entities, who are required to safeguard electronic protected health information under the HIPAA Administrative Simplification Security Rule, and electronic, oral, and written protected health information under the HIPAA Administrative Simplification Privacy Rule. The definition of covered entity in a final ARRA bill may extend the definition and responsibilities of a covered entity to business associates. So, to get started, the first task would be to review your risk management program. Start by reviewing the 2008 Revision of NIST Guide for Implementing HIPAA Security Rule available at HIPAA.com, and your written risk assessment analysis that is required of covered entities.

Risk management is the process of evaluating threats and vulnerabilities, and then designing a strategy for handling and mitigating those threats and vulnerabilities. The foundation of your security plan is based on conducting your risk assessment, and periodically reviewing and updating it.

Three principles provide the foundation for security of electronic health information:

» Integrity: information has not been altered or destroyed without proper authorization.

» Confidentiality: information is only available or disclosed to persons authorized to receive it.

» Availability: information is accessible and useable upon demand by authorized persons.

Each of these principles underlies security in administrative, technical, and physical standards.

Tags: economic stimulus, H.R. 1, health information technology, HIT, HITECH, Obama, risk assessment