Whether you agree with the goals of healthcare reform and the way it’s being implemented or not – one thing we all can agree on is that it’s creating concern, confusion and most of all – change. Much of that ‘change’ has yet to unfold, but several components are here.
The HITECH Act in 2009 brought additional regulations around tracking and reporting breaches, while significantly increasing the responsibilities of Business Associates. This reporting requirement is causing a significant increase in the number of breaches.
Breaches have always been a problem, but now a bright light is shining on this issue (e.g. Wikileaks). It shows us how prolific it has become. Also, I still think the number of breaches is under reported; many organizations just don’t have the controls in place to detect them. I can’t tell you how many times I hear stories of documents with PHI being emailed unsecured.
Now, we have the HIPAA compliance requirement as part of the ‘Meaningful Use’ rules. For those of you who don’t swim in these waters…providers that meet certain requirements are eligible to receive $44,000 if they implement an Electronic Health Record (EHR) system and meet certain ‘Meaningful Use’ measures. One of those measures is demonstrating compliance with HIPAA.
This is not just a ‘feature’ in an EHR; HIPAA compliance is a combination of people, process and technology. The EHR technology is just one of the three legs of the stool. Contact BridgeFront if you want help with the other two legs – people and process.