What is ARRA?
The American Recovery and Reinvestment Act of 2009 (ARRA) created incentives related to healthcare information technology in general and is a part of a national health care infrastructure overhaul. ARRA contains incentives to accelerate the adoption of electronic health records (EHR) systems among providers.
What is the HITECH Act?
The Health Information Technology for Economic and Clinical Health Act (HITECH Act) is a part of the American Recovery and Reinvestment Act of 2009 (ARRA).
Under HITECH, mandatory penalties will be imposed for "willful neglect." Obviously, what "willful neglect" means will be determined on a case-by-case basis.
Civil penalties for willful neglect are increased under the HITECH Act. These penalties can extend up to $250,000, with repeat/uncorrected violations extending up to $1.5 million.
The HITECH Act does not allow an individual to bring a cause of action against a provider. However, it does allow a state attorney general to bring an action on behalf of his or her residents. Finally, the office of Health and Human Services (HHS) is now required to conduct periodic audits of covered entities and business associates.
Under the HITECH Act, "unsecured protected health information" essentially means "unencrypted protected health information."
The HITECH Act requires that patients be notified of any unsecured breach. If a breach impacts 500 patients or more then HHS must also be notified. Notification will trigger posting the breaching entity's name on HHS' website. Under certain conditions local media will also need to be notified. Furthermore, notification is triggered whether the unsecured breach occurred externally or internally. The notification provision is yet another example of the weight privacy and security concerns are given under the Act.
What is HIPAA?
In general, the HIPAA Privacy Rule applies to providers and their usage and disclosure of protected health information. The effective compliance date of the Privacy Rule was April 14, 2003. Therefore, providers have been "living" with the Privacy Rule for about 6 years.
According to the HHS summary definition, the Privacy Rule “establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information” by organizations subject to the Privacy Rule — called “covered entities,” (covered entities can be considered providers) as well as standards for individuals' (individuals can be considered patients) privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.” To view the entire Rule, and for other additional helpful information about how it applies, see the OCR website: http://www.hhs.gov/ocr/hipaa.