Health Information Management

TIP: Put plan into action to comply with HITECH

HIM-HIPAA Insider, June 1, 2009

For organizations, compliance with many of the HITECH Act’s provisions may seem overwhelming, particularly in the absence of guidance and regulations.

It’s no time to worry, says John C. Parmigiani, HIPAA security and privacy consultant and president of John C. Parmigiani & Associates, LLC, in Ellicott City, MD. Just arm yourself with existing information.

First, read the entire HITECH Act. Once you are familiar with its provisions, review your policies to ensure that they are practiced and enforced. Also review your business associate (BA) agreements. Do they comply with the principles set forth in the HIPAA Security Rule? They most likely will require modification to incorporate HITECH provisions.

Ensure that you have a training program, periodic risk assessments, and a disaster recovery plan.

“Do this work to see if your organization is poised to take the next step and be in the best possible position to benefit from the incentives and benefits once the various aspects of the law are clarified,” says Parmigiani.  


Adds William Miaoulis, CISA, CISM, manager, Phoenix Health Systems, in Montgomery, AL, “Organizations should take steps to ensure that they are doing a good job of protecting patient data, that they have a strong security incident response process, and that they document everything they are doing to make sure that patient privacy is a priority.”
