RESUMO
The recent Omnibus Rule published by the Department of Health and Human Services greatly expanded liability for breaches of health information privacy and security under the HIPAA statute and regulations. This expansion could have dire financial consequences for the health care industry. The Rule expanded the definition of business associates to include subcontractors of business associates and made covered entities and business associates liable for breaches of the entities who perform a service for them involving the use of individually identifiable health information under the federal common law of agency. Thus, if a covered entity or its "do wnstream" business associate breaches security or privacy, the covered entity or "upstream" business associate may face HIPAA's civil money penalties or a lawsuit. Financial managers need to be aware of these changes both to protect against the greater liability and to plan for the compliance costs inherent in effectively, if not legally, making business associates into covered entities.
Assuntos
Health Insurance Portability and Accountability Act/economia , Responsabilidade Legal/economia , American Recovery and Reinvestment Act , Lista de Checagem , Segurança Computacional/legislação & jurisprudência , Regulamentação Governamental , Health Insurance Portability and Accountability Act/legislação & jurisprudência , Humanos , Privacidade/legislação & jurisprudência , Estados UnidosRESUMO
The American Recovery and Reinvestment Act of 2009, often called the Stimulus Package or the Stimulus Bill, contains a section called the Health Information Technology for Economic and Clinical Health Act (HITECH Act). The HITECH Act made several significant changes to the current HIPAA Security and Privacy Rules and provided funds and incentives to increase the use of electronic health records (EHRs) by eligible physicians and eligible hospitals, as discussed below. The HITECH Act also provides funding for the Office of the National Coordinator for Health Information Technology, which oversees technology standards, implementation strategies, and impact assessment. The goals of the Office of National Coordinator are to achieve use of an EHR for each person in the country by 2014 and to develop a nationwide health information technology infrastructure in support of the first goal. Further, the HITECH Act provides funding for establishing at least 70 regional centers to help promote the adoption of EHRs. These centers are to offer technical assistance, guidance, and information on best practices to help providers achieve meaningful use of EHRs. This article will define the EHR, discuss the HITECH Act EHR stimulus, and explain the problem with the HITECH Act EHR incentive time-frame.
