Remember the sweeping HIPAA reforms enacted in 2009 as part of the economic stimulus legislation? Yeah, neither did we.
However, the U.S. Department of Health and Human Services (HHS) hasn’t forgotten. It has issued final regulations for implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act. The regulations require entities covered by HIPAA—including employer-provided health plans—to update their privacy policies ASAP. The looming deadline: Sept. 23.
HIPAA is the Health Insurance Portability and Accountability Act of 1996, which governs almost all employer-provided health insurance plans. It also sets the national standards for electronic health care transactions—the primary focus of the HITECH Act.
HITECH expanded security measures employers must take to ensure employee privacy and restricted how employers may use “protected health information,” including genetic information.
Most of the HITECH privacy regulations affect health care providers and insurance companies that store vast amounts of electronic patient data. However, many of the regs affect employers, too.
Example: Entities that handle health records must have a way to scrub medical data from digital photocopiers and other equipment that electronically store information.
Advice: Consult your attorney to ensure your privacy policies comply with the new regulations.
Find the final HITECH regs at the U.S. Government Printing Office's website.
Read background on HITECH in "A HITECH world: New law expands HIPAA enforcement power."