Health care providers are gearing up to meet the privacy and security provisions of the federal economic stimulus law, Healthcare Informatics reports.
Under the health IT provisions of the federal stimulus package, all entities that handle protected health information must comply with HIPAA privacy regulations. In addition, the stimulus law calls for health care providers to:
- Notify all affected patients within 60 days of a security breach;
- Report security breaches to the HHS secretary and prominent media outlets if the incident affects more than 500 individuals;
- Track all personal health information disclosures; and
- Upon patient request, provide an account of every disclosure for the previous three years.
Experts say health care facilities could face serious penalties if they fail to comply with the new security provisions of the federal stimulus package.
Lisa Gallagher, senior director of privacy and security for the Healthcare Information and Management Systems Society, said health care facilities have focused on the funding aspects of the stimulus law instead of the security provisions. She said health care executives “need to devote time to creating additional policies, procedures and processes for meeting these requirements.”
No comments:
Post a Comment