Securing Electronic Protected Health Information
The security and privacy of electronic protected health information (“EPHI”) is a mandatory requirement of health care organizations and providers under HIPAA. HIPAA’s Security Rule requires that all covered entities conduct regular assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of their EPHI and systems.
The Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, has significantly increased the liability of covered entities under HIPAA, and more broadly, their business associates. Effective February 17, 2010, business associates are directly subject to HIPAA’s enforcement scheme.
This means that the HIPAA Administrative Simplification Security Rule applies to a business associate of a covered entity in the same manner that it applies to the covered entity. Under the HITECH privacy provisions, the business associate now has direct responsibility and liability for a breach, just as healthcare providers do. The Security Rule focuses on administrative safeguards, technical safeguards, and physical safeguards. It is important that business associates implement and maintain these safeguards to ensure they are compliant with the HITECH Act.