What is the difference between HIPAA and HITECH? Article added by Bridgette O'Connor on September 2, 2014
Bridgette O

Bridgette O'Connor

Lansing, MI

Joined: July 15, 2014

My Company

The acronyms HIPAA and HITECH are the peanut butter and jelly of the insurance industry. Together, HIPAA and HITECH make the ultimate duo of protection for health information. So what is the difference between the two?

HIPAA laid the groundwork for privacy and security of health information.

In 1996, HIPAA was enacted to provide a variety of protections for individuals and their health insurance, including access, portability, fraud and abuse protections and administrative simplification.

The main points we focus on are the privacy, security and enforcement rules. These required covered entities — hospitals, carriers and doctors — to implement protections for PHI.

HIPAA was what required carriers to send out Notice of Privacy Practices, put documents in locked drawers and secure information technology networks.

HITECH enhanced the enforcement of HIPAA and extended provisions of HIPAA to business associates.

HITECH was enacted in 2009 as part of the American Recovery and Reinvestment Act to promote the adoption of health information technology. This added more technical requirements to hospitals and doctors who were using electronic health records. A section of HITECH also improved provisions of HIPAA.

This was when carriers began issuing business associate agreements with all their agents. HITECH had extended the Privacy and Security Rules of HIPAA to business associates: agents of carriers. It also imposed new requirements regarding breaches — covered entities are now obligated to report large data breaches to the government and the affected individuals.

Omnibus Rule made business associates directly liable

HIPAA and HITECH were updated in 2013 when the Omnibus Rule was released. The greatest change was that the Security and Breach Notification Rules of HIPAA, as well as updates from HITECH, were now to be upheld by business associates.
Where previously business associates were only obligated to their covered entity, now they were directly liable for any non-compliance and any fines associated with the non-compliance.

Fully understanding HIPAA, HITECH and the Omnibus Rule is an intimidating responsibility. One that a lot of agencies don’t care to take on. Without a clear understanding of these laws and how to implement them, you may be opening yourself to a major financial risk. The government has already begun the 2014 HIPAA audit process, which includes business associates.

Use these 11 boring, but important things to know to begin implementing compliance at your office.

The views expressed here are those of the author and not necessarily those of ProducersWEB.
Reprinting or reposting this article without prior consent of Producersweb.com is strictly prohibited.
If you have questions, please visit our terms and conditions
Post Article