As the title hints, we're talking about the specific tech things that Business Associates (BAs) and Covered Entities (CEs) need to do to assist in their HIPAA / HITECH compliance strategy.
Here's a brief summary of what we're going to cover in this blog:
A. Being HIPAA / HITECH compliant is doable. Possible. Not an insurmountable mountain.
B. Being HIPAA / HITECH compliant is required. The immortal words of Yoda may be haunting you: "Do or do not. There is no try."
He's right. You gotta do this. Don't play with it. Just do it.
C. There are tactical points in the HIPAA, HITECH, OCS & other documents that you can hang your hat on and work with.
D. There really aren't zillions of laws you need to read to understand the basic intent & requirements of the HIPAA & HITECH laws.
E. You probably do need to get a little help with this, but it doesn't have to cost you an arm and a leg.
Let's start with a quick summary of what you're facing, and what's at stake for CE's and BA's with HIPAA / HITECH.
So, here's what good I see coming out of all of this:
- HITECH ACT Grants offer possible +/- 44k over 5 years
- Medicare Incentive for meeting Meaningful use w/ EMR
- Healthcare info (PHI) will (probably) be more secure.
- Healthcare will get measurably better??
THE BAD:
- Choosing the wrong EMR can cost you more than 44k.
- Financial penalties for anyone that touches PHI
- Legal fees the Attorney General levies!
"Ug. You put my client's PHI on Facebook. Me sue you now. Ug."
AND THE UGLY:
- February 17th, 2010 – BA’s became subject to HIPAA regulations
- February 17th, 2011 – mandatory civil penalties for violations involving “willful neglect” for BA's AND CE's.
- February 17th, 2012 – Complainants will share in collected civil monetary penalties. (Can anyone spell "Class Action Lawsuits out the Wazoo"?)
In our humble opinion, those are the big highlights of what's on the table with HIPAA / HITECH.