HITECH Compliance Suite
The HITECH act, enacted as part of the American Recovery and Reinvestment Act of 2009, becomes effective since February 2010. HITECH includes the following major provisions:
- Extends HIPAA compliance from covered entities (e.g. hospitals and insurance companies) to their business associates: organizations that handle protected health information (PHI), such as billing agencies and data centers. Business associates will be required to enforce the same PHI data breach protection measures and will be subject to penalties and prosecution.
- Increases penalties up to $1.5M and allows criminal prosecution for deliberate disclosure of PHI. Business associates are now subject to the same criminal and civil penalties.
- Imposes data breach notification rules, requiring organizations to notify the Secretary of the Department of Health and Human Services if data has been compromised or lost for more than 500 individuals. In addition to that every individual who's data was compromised must be notified no matter how many other individuals' records were exposed.
NetWrix provides a HIPAA Compliance Suite to help all types of healthcare organizations sustain HIPAA/HITECH compliance.
[Learn More]
Disclaimer: This information is not intended to provide legal advice or substitute for the advice of an attorney.
