Health Information Management

HIPAA and the HITECH Act: Know all the provisions

HIM-HIPAA Insider, March 30, 2009

HIPAA Weekly Advisor has reported in the past two issues about the major implications in the Health Information Technology for Economic and Clinical Health (HITECH) Act. But don’t forget about these other provisions as you revisit your HIPAA training and compliance programs:

  • New restrictions or reemphasized on marketing and fundraising
  • Preferences for limited data sets and use of de-identified information for healthcare operations
  • Prohibition on sale of PHI except under certain conditions
  • Requirement for HHS to report to Congress annually all enforcement actions taken (informal or the levying of penalties/monetary assessments), including the name of the covered entities of which it took action and all breaches reported to HHS. It also must post the report on the HHS public Web site.
  • Requirement for HHS to define in rule what “minimum necessary” means
  • Requirement for HHS to make available resources to assist with implementation of technical security standards, privacy requirements, etc.
  • Requirement for HHS to designate at least one individual per HHS region as a designated resource to assist with compliance
  • Requirement for HHS to dedicate resources to better explain to individuals their privacy rights and how their PHI is being used

Most Popular