HITECH Assessment

Innovative CSi integrates security and business processes to safeguard the administrative, technical and physical security that protects the confidentiality of patient health information (PHI). Our Health Care Check up focuses on current and missing privacy policies, procedures, physical access controls, technical access controls and internet/intranet controls. Innovative CSi helps organizations that provide data transmission of PHI to covered entities, or to their business associates that offer personal health records to patients as part of their electronic health records. Innovative CSi's framework on privacy and security helps to reduce your data privacy exposure. Innovative CSi is currently working with covered entities under the HIPAA regulations.
- Medical Centers
- Hospitals
- Clinics
- Laboratories
- Health Insurance Companies
- Third Party Health Care Providers
Our HITECH/HIPAA Assessment Provides:

Innovative-CSi's HIPAA/HITECH Readiness
As of February 17, 2010, Business Associates of Covered Entities must comply with the HIPAA Security Rule. For the first time, Business Associates will be regulated by the federal government. Section 13401 of Subtitle D (Privacy) of the HITECH Act (42 USC 17931) states that “the additional requirements of this title that relate to security and that are made applicable with respect to Covered Entities shall also be applicable to such a Business Associate and shall be incorporated into the business associate agreement between the business associate and the covered entity.” [Public Law 111-5, p.260] In addition, penalties that apply to Covered Entities will also apply to Business Associates for noncompliance with the provisions of the Security Rule.
A new restriction on disclosure of protected health information has also gone into effect that impacts Covered Entity health care providers. According to Section 13405 of Subtitle D of the HITECH Act (42 USC 17935), a health care provider must honor a patient request to restrict disclosure of protected health information to a health plan for purposes other than carrying out treatment (namely, payment or health care operations) if the patient pays the health care provider out of pocket in full.
In addition, enforcement of the Breach Notification Rule goes into effect for “failure to provide the required notifications for breaches” of unsecured protected health information discovered on or after the February 22 date [74 Federal Register 42757, August 24, 2009]. The Breach Notification Rule applies to Covered Entities and Business Associates, provides obligations for each regarding compilation and reporting of information pertaining to a breach by either party, and requires “incorporation [of those obligations] into the Business Associate Agreement between the Business Associate and the Covered Entity.” [42 USC 17934]
DO I NEED TO BE HIPAA-HITECH COMPLIANT?
Are you a health care provider?
This includes:
- Doctors
- Dentists
- Pharmacies
- Durable medical equipment suppliers
- Opticians
Are you a clearinghouse?
Defined as an entity that processes health information received from another entity in non-standard format into standard EDI X12 format, or vice versa.
Does your company have self-insured health benefit plans that have 50 participants or more, or more than $5 million in annual premiums?
Are you a Business Associate?
Has one of your customers sent you a Business Associate Agreement?
In the course of providing service to your clients or customers, do you come into contact with Protected Health Information (PHI), that is, individually identifiable health information that is maintained or transmitted in any form or medium?
If you answered yes to any of the above questions, you most likely fall under HIPAA guidelines as a covered entity or business associate.