Sunday, February 21, 2010

It's High Time for HITECH -- Is Your Law Firm Ready?

The provisions of the HITECH Act of 2009 went into effect on February 17, which means if your law firm holds personal health information covered by these rules, it's now subject to stricter confidentiality and compliance requirements.

The HITECH Act extends HIPAA confidentiality, monitoring and compliance tracking requirements to business associates receiving personal health information from covered entities. Under the terms of the law, business associates include law firms that serve, and receive information from, entities including doctors, hospitals and insurance providers.

In the past, organizations may have been able to address confidentiality requirements by executing Business Associate Agreements that asserted adequate measures would be taken to protect health information. Now the stakes are higher. Under the HITECH Act, firms with relevant data must take more stringent and explicit measures to ensure compliance. This includes segregating and encrypting the personal health information they store or manage, and restricting and monitoring access to it.

Hogan and Hartson has developed some excellent educational material, including a webinar.

As noted in the article from Hogan, while regulators had promised to provide more detailed guidance for business associates, there are still areas of uncertainty and confusion. What is clear, though, is that firms must take steps now to improve their confidentiality and compliance practices for covered information in order to comply. It's now the law.
