|
|
ARRA - HITECH Act
Health Information Technology for Economic and Clinical Health (HITECH) Act Division A, Title XIII, Subpart D of American Recovery and Reinvestment Act of 2009
Congress passed the American Recovery and Reinvestment Act of 2009 (the Act) on Friday, Feb. 13, 2009, with almost unprecedented speed, and the President signed it into law on Feb. 17. The Act has grabbed the attention of the country - from inside the beltway to Main Street America. Title XIII of the Act is artfully entitled the Health Information Technology for Economic and Clinical Health (also referred to as HITECH) Act. Provisions are included in Division A, Title XIII, Subpart D. Most of the Act's provisions will take effect one year after enactment of the law (Feb. 17, 2010), although increased penalty provisions go into effect immediately. Other provisions require implementing regulations and will take two years or longer to take effect. All provisions of the Act do not take effect immediately and a number of the provisions require the promulgation of rule by the US Department of Health and Human Services (HHS) and, in one instance the Federal Trade Commission (FTC). Also, especially as it relates to HIT standards adoption, the requirement to adhere to new standards is delayed. On the other hand, many of the expanded security and privacy provisions take effect much sooner and some impact the healthcare industry outside the formal rule making process. Congress included provisions along with listed requirements that allow HHS to promulgate interim final rules that do not require public comment but will need to go through the public comment process before being finalized. It is important that all health care entities and vendors with access to individually identifiable health information pay attention to these new provisions. Given language regarding increased enforcement, it would be advisable to review the new requirements and implement those requirements as soon as practicable rather than reacting after the fact as has been the case with a number of healthcare entities. Also, earlier provisions in Title XIII include a requirement to implement appropriate privacy and security controls to be eligible to take advantage of stimulus dollars associated with Title XIII. This is covered in certification requirements, standards development, electronic health record funding, etc. These are not specific on-going legal requirements but are tied to the ability to take advantage of funds made available through ARRA. HITECH Policy & Procedures Updates for HIPAA Privacy and Security.Please note that these policies are ONLY updates to HIPAA Privacy and Security rule's policy and procedures requirements. You need HITECH updates assuming that you have all the other required policy and procedures as per the HIPAA Privacy and Security rule.If you want to meet the HIPAA requirements for HIPAA Privacy and Security rule, you need to buy the following templates which include HITECH updates and all HIPAA requirements.
Sample HITECH Policy
|
