Health Information Technology for Economic and Clinical Health (HITECH)


Health Information Technology for Economic and Clinical Health (HITECH) is also known as the HIPAA (healthcare) Security Rule.

The purpose of this rule is to ensure the confidentiality, integrity and availability (CIA) of all Personal Health Information (PHI) that the Covered Entity (CE) and/or Business Associate (BA) creates, receives, maintains and transmits. To achieve this, the CE or BA must implement safeguards.

An example of a physical safeguard is a lock on a door.

An example of an administrative safeguard is a Privacy Officer assigning role-based access to PHI for employees, so that only employees who are involved in a patient's care can access the PHI of that patient.

Technical safeguards include configured computer servers and the encryption of PHI during transmission or at rest.

Further, HITECH requires CEs to provide notice to individuals if there is an unauthorized disclosure of their PHI and there is a risk that exposure of that PHI could cause the individual harm (reputational, financial). An example is a stolen laptop containing unencrypted PHI. If fewer than 500 people are affected, the CE may disclose the breach to the DHHS in an annual report. If more than 500 people are affected, the CE must notify DHHS within 60 days of discovery. Some states, such as California, include healthcare information as part of their breach notification laws. In those states, separate notice must be provided, typically to the Attorney General and/or the state consumer reporting agency.
