Health Information Management

HITECH compliance tips as you await federal guidance

HIM-HIPAA Insider, December 14, 2009

HIPAA privacy and security officers would probably be thrilled to receive a letter from the Office for Civil Rights (OCR) with “HITECH guidance” written on the envelope. But that hasn’t happened, and it’s anyone’s guess when it will.

Experts told HIPAA Weekly Advisor they expect OCR, the HHS agency that enforces the HIPAA privacy and security rules, to deliver guidance on business associate (BA) contracts, meaningful use, clarifications on security breach notification, and perhaps security rule compliance for BAs. They just don’t know when OCR will deliver that information.

Privacy and security officers do know the date for compliance with the HITECH, the privacy and security law signed into law earlier this year—February 17, 2010.

And you can certainly work now on your BA contracts and prepare for HITECH compliance.

These two tips can help:

  • Compliance is not going away. Some important regulations, such as the breach notification interim final rule, have been set. “You’re still going to have that compliance date,” says John R. Christiansen, founder of Christiansen IT Law in Seattle. Christiansen will be one of the speakers on the HCPro, Inc., January 14 audio conference, “Business Associate Action Plan: Comply with HITECH by February Deadline.”
  • Start to comply now. Don’t wait for OCR guidance to make a move. “I don’t know quite what the guidance is going to say,” Christiansen says, “but at some point you’ve got to get off the fence and say you’re going forward and taking action.”

Editor’s note: See next week’s HIPAA Weekly Advisor for more HITECH tips.

Most Popular