Waiting for the interpretation and all the final rules to
put your plan together? Well, that is one strategy (not one I would recommend),
but you still have the new and significantly more stringent HITECH privacy and
security requirements that apply whether or not you accept the stimulus funds.
Yes, the security and privacy requirements (HIPAA 2 with big teeth) are just around the corner. When I say just around the corner, I mean late this year and early next year. It is May, which means now is the time to start the process of analysis, planning, and remediating your current and new security privacy programs.
Why is this so important? The new requirements have significant penalties and additional administrative functions. It affects breach notification, accounting of disclosures, business associates agreements, marketing’s use of PHI, access restrictions, limited data set/minimal use and enforcement penalties (including civil penalties).
With all the hope and optimism that the stimulus funding
presents the industry, the security and privacy requirement should scare us
back to a sense of reality. This is definitely a dual path to compliance: one
for stimulus reimbursement and one to ensure that we don’t go to jail.
By:
Russ Branzell,
Vice President, Beacon Partners
Comments