«
»

New HITECH rules broaden HIPAA reach

According to the great team at Information Law Group, the new proposed HITECH rules, broaden the concept of business associates who are required to comply with HIPAA.  They cite as an example, a company hired to shred documents including medical records would be required to comply with the applicable requirements of HIPAA’s Security Rule.

Proposed rules make written policies and procedures critically important

If a covered entity under HIPAA gets investigated and can’t point to written policies and procedures about handling disposal of hardware or requests from individuals to restrict the use and disclosure of his or her protected health information, then this could be viewed as “willful neglect” and subject the entity to a higher category of civil penalties.


Tags: ,

This entry was posted on July 13, 2010 at 3:36 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

%d bloggers like this: