Many healthcare providers and vendors could find themselves claiming ignorance was as an excuse for not complying with the new HITECH Act regulations. HITECH compliance regulations are like a traffic sign; by simply doing business you are subject to the government’s "signs" regarding compliance regulations. The HITECH Act (Health Information Technology for Economic and Clinical Health) applies to healthcare providers, health insurance companies, clearinghouses, and business associates. A business associate is broadly defined as vendors, service providers, or even consulting and staffing companies. Yes. That is correct. Business associates must comply with this law. What exactly is a business associate? Well the HITECH Act defines it as anyone who provides…
"... a function or activity involving the use or disclosure of individually identifiable health information, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, billing, benefit management, practice management, and repricing?" [45 CFR §160.103(1)(i)(A)]; or
"... legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, or financial services to or for such covered entity" [45 CFR §160.103(1)(ii)]
Do you need to comply with this law? Not sure? The best step to take is to discuss it with your legal counsel. While you’re at it, you might as well discuss other regulations you must comply with and put together some policies and procedures that address them. This might be more work than you expected, but it will be worth it in the long run. The cost of compliance is much lower than if you are found guilty of non-compliance. Try $5 million dollars less. Now go do your homework and read up on the regulations you must follow. The DLP Toolkit Regulation Finder is a great place to start.
No comments:
Post a Comment