On Friday, May 8, 2009, the U.S. Department of Health and Human Services (HHS) announced appointments to the Health Information Technology (HIT) Policy Committee and HIT Standards Committee. These federal advisory committees were established by provisions in the American Recovery and Reinvestment Act (ARRA) that President Obama signed on February 17, 2009. Today, is the first meeting of the HIT Policy Committee, and Friday, May 15, 2009, is the first scheduled meeting of the HIT Standards Committee, both in Washington, DC. According to the press release issued by HHS, “[t]he HIT Policy Committee will make recommendations to the National Coordinator for Health Information Technology [Dr. David Blumenthal] on a policy…
Tag: implementation specifications
Contingency Plan: Sample Policy and Procedures
This is the seventh Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule. It has five implementation specifications: Data backup plan; Disaster recovery plan; Emergency mode operation plan; Testing and revision procedures; and Applications and data criticality analysis. The first three are required; the last two are addressable. Addressable does not mean optional. Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. Further, as HIPAA.com has noted earlier, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. HIPAA.com will outline What to do and How to do it for each…
Time to Review Your Security Risk Assessment
With the March 17, 2009 effective dates for the new 5010 Version of HIPAA Administrative Simplification Transaction Standards and the move to the ICD-10 Code Set Standard rules, and the expected enactment of the HITECH provisions of the American Recovery and Reinvestment Act as early as next week, it is a good time now to begin reviewing your HIPAA Administrative Simplification Security safeguards. As mentioned earlier this week, creating and periodically reviewing your risk assessment or analysis is the foundation of achieving compliance with the HIPAA Administrative Simplification Security Rule and a key factor in having a successful business. Over the next week, HIPAA.com will review the Security Rule administrative,…