The Privacy Professional

Health Information Technology for Economic and Clinical Health (HITECH) is the also known as the HIPAA (healthcare) security Rule. The purpose of this rule is to ensure the confidentiality, integrity and availability (CIA) of all Personal Health Information (PHI) the Covered Entity (CE) and or Business Associate (BA) creates, receives, maintains and transmits. In order to achieve this, the CE or BA must implement safeguards. An example of a physical safeguard are locks on a door. An example of a administrative safeguards is a Privacy Officer assigning role base access of PHI for employees. So that only employees who are involved in the patients care can access the PHI of that patient. Technical Safeguards include : configured computer servers and the encryption of PHI during transmission or at rest.  Further, HITECH requires CEs to provide notice to individuals IF there is an unauthorized disclosure of that PHI and there a risk of harm that exposure o

HIPAA regulations make up two main parts: The Privacy (HIPAA) Rights of individuals related to their Personally Healthcare Information (PHI) and the Security (HITECH) of the healthcare information held by Covered Entities .  The Privacy Rule requires covered entities to provide individuals with a copy of their notice of privacy practices, at the first visit/date of service. Covered Entities must be able to prove that patients received these notices; thus they generally require individuals to sign a document called "receipt of notices of privacy practices." These notices must contain information on how the covered entity's   use   and disclosures of the PHI. For example, there should be   a statement   that the PHI will be used consistent with payment of claims, treatment of the individual and for business operations (quality control, auditing or internal monitoring). In addition, the notice should contain information on instances when a signed release would be re