0
61
Psychiatric News   |   January 01, 2010 
Volume 45 Number 1 page 9-9
Professional News
  • Print
  • E-mail
    Recipient(s) will receive an email with a link (good for 72 hours) to 'FAQs About HIPAA and HITECH: What Physicians Need to Know' and do not need to have Psychiatric News account to access the content.
    Example: John Doe
    CC Me:
    Enter your valid email address. Example: jdoe@example.com
    Separate multiple email address with semi-colons (up to 5).
    's Psychiatric News: 'FAQs About HIPAA and HITECH: What Physicians Need to Know'
    Subject for your email.
    (Optional, message will truncate at 1000 characters)
    Copyright © in the material you requested is held by The American Psychiatric Association (unless otherwise noted). This email ability is provided as a courtesy, and by using it you agree that you are requesting the material solely for personal, non-commercial use, and that it is subject to The American Psychiatric Association's Terms of Use. The information provided in order to email this topic will not be used to send unsolicited email, nor will it be furnished to third parties. Please refer to The American Psychiatric Association's Privacy Policy for further information.
    Copyright © American Psychiatric Association. All rights reserved.
  • Share
  • Reprints
FAQs About HIPAA and HITECH: What Physicians Need to Know
Donna Vanderpool, M.B.A., J.D.
text A A A
View Disclosures and Other Information
Donna Vanderpool, M.B.A., J.D., is assistant vice president, risk management, at Professional Risk Management Services Inc. (PRMS Inc.).

©
American Psychiatric Association
Abstract

This is the first of a two-part article on the new HITECH law. Interpretation of this law is still evolving, and there are many unanswered questions.

Abstract Teaser
The HITECH (Health Information Technology for Economic and Clinical Health) Act is Title 13 of the American Recovery and Reinvestment Act of 2009 (ARRA). While the various subtitles of HITECH cover many topics relevant to physicians (for example, financial incentives for health information technology), this article will address only Subtitle D of HITECH amending the privacy and security rules under HIPAA (Health Insurance Portability and Accountability Act of 1996).
HIPAA's privacy and security rules established floors of confidentiality and security protections for patients' demographic and health information in all forms—paper, oral, and electronic. The development of health information technology (for example, electronic health records, personal health records, health information exchanges) has resulted in additional risks; HITECH builds on the privacy and security rules to address these new risks.
    +
  • Who must comply with the HITECH amendments to HIPAA?
  • Covered entities and business associates under HIPAA must comply with HIPAA, as amended by HITECH.
  • Isn't every physician a covered entity under HIPAA?
  • No. Only providers who electronically submit specific transactions electronically are covered by (required to comply with) HIPAA. The most common transaction that makes a provider covered is the electronic submission of claims to health plans. The Department of Health and Human Services (HHS) has useful resources to determine the applicability of the federal HIPAA regulations posted at <www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/index.html>.
  • What is a business associate?
  • Under the privacy rule, a business associate is a person who provides a function on behalf of a covered entity (other than as part of the covered entity's workforce) that involves the use of protected health information (PHI). Examples of this type of business associate include billing services, transcription services, and answering services. A business associate is also a person who provides specified services involving the use of PHI to a covered entity. The specified services are legal, actuarial, accounting, consulting, data aggregation, management, administrative, accreditation, and financial services. The HHS Web site at <www.hhs.gov/ocr/privacy> has much more information on entities that are, and are not, business associates.
  • Business associates may use and disclose PHI, but only in compliance with the business associate agreement evidencing the business associate's promise to maintain the confidentiality and security of PHI. Under existing law, business associates only have contractual liability with the covered entity via the business associate agreement. As of February 2010, business associates must comply with the security rule and will be subject to government enforcement.
  • What does HITECH say about HIPAA?
  • There are many changes to HIPAA under HITECH, but not all of the provisions have the same effective date. See Summary Timeline for HITECH Requirements for Providers Covered Under HIPAA for a summary timeline showing the implications of the major HITECH provisions on HIPAA-covered entities.
  • The most significant provisions of HITECH include the following:
    • Part 2 of this article will include FAQs on enforcement and compliance with HIPAA, as well as breach notification. Please note that nothing in this article should be construed as legal advice.blacksquare[XSLExtension]

    Interactive Graphics

    Video

    NOTE:
    Citing articles are presented as examples only. In non-demo SCM6 implementation, integration with CrossRef’s “Cited By” API will populate this tab (http://www.crossref.org/citedby.html).
    Compression-Only CPR: Pushing the Science Forward
    Cone
    AAM 2010;304:1493-1495.
    All you need to read in the other general jounals
    BMJ 2010;341:c5893-c1494.
    Submit a Comments
    Please read the other comments before you post yours. Contributors must reveal any conflict of interest.
    Comments are moderated and will appear on the site at the discertion of JBJS editorial staff.

    * = Required Field
    (if multiple authors, separate names by comma)
    Example: John Doe



    Similar Articles
    PSYCHIATRIC NEWS
    Articles
    APA Urges Improvements to HIPAA Privacy Rule
    Psychiatric News 19 August 2011: Vol. 46. no. 16, pp. 6-6
    New HIPAA Billing Rule Goes Live at Start of 2012
    Psychiatric News 3 June 2011: Vol. 46. no. 11, pp. 11-23
    More Answers About Law Amending HIPAA Rules
    Psychiatric News 15 January 2010: Vol. 45. no. 2, pp. 9-9
    Summary Timeline for HITECH Requirements for Providers Covered Under HIPAA
    Psychiatric News 1 January 2010: Vol. 45. no. 1, pp. 9-9
    Audit Finds Lax Enforcement of HIPAA Security Provisions
    Psychiatric News 5 December 2008: Vol. 43. no. 23, pp. 8-8
    [+] View More
    Copyright ©
    American
    Psychiatric
    Association