New HITECH rules broaden HIPAA reach

According to the great team at Information Law Group, the new proposed HITECH rules, broaden the concept of business associates who are required to comply with HIPAA.  They cite as an example, a company hired to shred documents including medical records would be required to comply with the applicable requirements of HIPAA’s Security Rule.

Proposed rules make written policies and procedures critically important

If a covered entity under HIPAA gets investigated and can’t point to written policies and procedures about handling disposal of hardware or requests from individuals to restrict the use and disclosure of his or her protected health information, then this could be viewed as “willful neglect” and subject the entity to a higher category of civil penalties.

Tags: ,

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: