HIPAA Compliance

Accountability Key Privacy/Security Principle of Meaningful Use 2011 Objectives

July 6, 2009 | Meaningful Use, Privacy

On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11-page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation for the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of the proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009. The Framework and Meaningful Use documents are available here.

In this series of postings, we reproduce—one at a time—Level 1 and Level 2 descriptions of the eight principles. A Level 1 (L1) description is a “short title and concise statement,” and a Level 2 (L2) description is a “short explanation that further elaborates on the principle, what it is designed to do, and its parameters.”

The eighth and last of the principles is:

(L1) ACCOUNTABILITY. These principles should be implemented, and adherence assured, through appropriate monitoring and other means and methods should be in place to report and mitigate non-adherence and breaches. [p. 9]

(L2) These nationwide privacy and security principles will not be effective in building trust in electronic exchange of individually identifiable health information unless there is compliance with these Principles and enforcement mechanisms. Mechanisms for assuring accountability include policies and procedures and other tools. At a minimum, such mechanisms adopted by persons and entities that participate in a network for the purpose of electronic exchange of individually identifiable health information should address: (1) monitoring for internal compliance, including authentication and authorizations for access to or disclosure of individually identifiable health information; (2) the ability to receive and act on complaints, including taking corrective measures; and (3) the provision of reasonable mitigation measures, including notice to individuals of privacy violations or security breaches that pose substantial risk of harm to such individuals.

Tags: 2008, 2009, 2011 Objectives, access, accountability, American Recovery and Reinvestment Act of 2009, authentication, authorization, complaints, compliance, corrective measures, December 15, Disclosure, Electronic Exchange, Enforcement, February 17, Health IT Policy Committee, HHS, HIPAA Administrative Simplification standards, HITECH Act, Individually Identifiable Health Information, internal compliance, June 16, Level 1, Level 2, Meaningful Use, monitoring, Nationwide Privacy and Security Framework, network, notice, Office of the National Coordinator for Health Information Technology, policies, President Obama, principles, privacy violation, procedures, reasonable mitigation measures, risk of harm, Security Breach, trust