Remember the sweeping HIPAA reforms enacted in 2009 as part of the economic stimulus legislation? Yeah, neither did we.
However, the U.S. Department of Health and Human Services (HHS) hasn’t forgotten. It has issued final regulations for implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act. The regulations require entities covered by HIPAA—including employer-provided health plans—to update their privacy policies ASAP. The looming deadline: Sept. 23.
HIPAA is the Health Insurance Portability and Accountability Act of 1996, which governs almost all employer-provided health insurance plans. It also sets the national standards for electronic health care transactions—the primary focus of the HITECH Act.
HITECH expanded security measures employers must take to ensure employee privacy and restricted how employers may use “protected health information,” including genetic information.
Most of the HITECH privacy regulations affect health care providers and insurance companies that store vast amounts of electronic patient data. However, many of the regs affect employers, too.
Example: Entities that handle health records must have a way to scrub medical data from digital photocopiers and other equipment that electronically store information.
Advice: Consult your attorney to ensure your privacy policies comply with the new regulations.
Find the final HITECH regs at the U.S. Government Printing Office's website.
Read background on HITECH in "A HITECH world: New law expands HIPAA enforcement power."
- How to Fire an Employee the Legal Way: 6 Termination Guidelines
- What rules must we follow if we must lay off work-visa employees?
- Don't bait worker into insubordination; It'll smell like bias
- Hospital executive pleads guilty to embezzlement charges
- What should we do about a disgruntled worker who disparages us on the web?