In this lesson, we'll quickly recap what you've learned in your ProHIPAA course, and at the end of the lesson, you'll find a Word (or two) about HITECH – what it is, what the goals of the law are, and why it's important.
We've gone over what the HIPAA and HITECH laws are, who manages the laws, and who is required to comply. You've learned about covered entities, business associates, and more about PHI than you probably thought possible, and for very good reasons as you now know. For those of you also taking the HIPAA for Leaders course, you'll learn more about HITECH and business associates in that course.
Pro Tip: It's important to note that both covered entities and business associates share in the responsibility to protect personal health information at all times. If you are a covered entity doing all you can to be HIPAA compliant, but you're working with a business associate who isn't, this still poses a significant problem, as all it takes is one weak link in the chain.
For this reason, it's important for all covered entities to ensure that each of their business associates is a trusted partner, has their best interest in mind at all times, and more importantly, is committed to protecting the health data of all of your customers and/or patients.
We've covered what the value of PHI is on the black market ($700 when part of a larger identity package) and why cybercriminals want PHI. We've looked a little into areas where PHI can be compromised and even a few recent instances in which PHI was compromised.
It's critical to always protect PHI, not only for the safety and security of your customers and patients but also for the legacy and operational integrity of your own business or organization. A data breach isn't just costly in terms of fines. It's also costly in terms of reputation and possible future revenue losses.
Knowing that Your Organization is HIPAA Compliant – Priceless!
If you don't feel confident in your business or organization's ability to become or remain HIPAA compliant, it pays to engage a trustworthy HIPAA compliance partner who can guide you through your HIPAA compliance journey.
Even though you've now learned what it takes to become HIPAA compliant, you may still need helping getting there. And you certainly have a better understanding of the damage that could occur if your business or organization isn't compliant and suffers a data breach.
If you ever feel like you need further assistance, as in a HIPAA compliance guide who can navigate you through those muddy waters, contact us ProHIPAA.com or call us at 844-722-8898. Thank you, and remember that we're always here to help you.
A Word About HITECH
The HITECH Act (Health Information Technology for Economic and Clinical Health Act) was introduced during the Obama administration and signed into law on February 17, 2009.
The Goals of the HITECH Act
The HITECH Act was established to promote and expand the adoption of health information technology, specifically, the use of electronic health records by healthcare providers.
The Act also removed some of the loopholes in the HIPAA Act by tightening up the language of HIPAA. This helped to ensure that all business associates were complying with HIPAA Rules, and when health information was compromised, notifications were sent to the affected individuals in a timely manner.
Tougher penalties for HIPAA compliance failures were also introduced to add an extra incentive for healthcare organizations and their business associates to comply with the HIPAA Privacy and Security Rules.
The Importance of the HITECH Act
Prior to the introduction of the HITECH Act, only 10 percent of hospitals had adopted electronic health records. In order to advance healthcare, improve efficiency and care of patients, and make it easier for health information to be shared between different covered entities, electronic health records needed to be adopted.
The HITECH Act introduced incentives to encourage hospitals and other healthcare providers to make the change from paper records to electronic records. Had the Act not been passed, there is a good chance that many healthcare providers would still be using paper records today.
The HITECH Act also helped to make certain that healthcare organizations and their business associates were complying with the HIPAA Privacy and Security Rules, were implementing safeguards to keep personal health information private and confidential, were restricting the uses and disclosures of health information, and were honoring obligations to provide patients with copies of their medical records upon request.
The Act did not make compliance with HIPAA mandatory. That was already a requirement. However, it did make certain that entities found not to be in compliance could be issued substantial fines. Penalties help increase compliance, and sometimes the only language that businesses understand is one that affects the bottom line.