HIPAA and HITECH Add IT to Compliance Challenges

As the use of electronic medical records increases in long-term care, I’d like to share some words to the wise about the protection of Personal Health Information (PHI) required under HIPAA and HITECH, both parts of the American Recovery and Reinvestment Act of 2009.

In the first enforcement action under the Health Information Technology for Economic and Clinical Health (HITECH) Act taken by the Connecticut Attorney General, and subsequently blogged about by health care lawyer Bob Coffield, Health Net of Connecticut, Inc. allegedly failed to notify the AG and other officials of a missing portable computer hard drive containing PHI. This action reflects HITECH’s increased capacity for enforcement since it allows state attorneys general to file complaints on behalf of the public.

Two parts of this news stand out to me: 1) that HITECH is alive and well – so long-term care needs to be mindful about encrypting PHI data before electronically sharing or storing it; and 2) that compliance professionals take heed of HITECH reporting requirements to facilitate corporate compliance.

In addition to sharing great insight, Bob references a more extensive blog post by attorney David Harlow, that adds valuable information about compliance with HITECH.

I highly recommend both posts to you.