Hitech Act

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) was signed into law on February 17, 2009. The HITECH Act is aimed at providing funds for the development of a nationwide health information technology infrastructure to providers that enhances electronic use and exchange of health information in a secure manner.

The HITECH Act expanded the reach of the Health Insurance Portability and Accountability Act (HIPAA) Security and Privacy Rules and criminal penalties directly to business associates of covered entities and every entity that handles health information.

HITECH Act applies to covered entities, including hospitals, healthcare providers, health plans, business associates, vendors, Health Information Exchanges (HIEs), Regional Health Information Organizations (RHIOs), and Personal Health Records (PHRs).

A new security breach notification requirement has been imposed on covered entities, business associates and other entities by the HITECH Act. The legislation requires HIPAA regulated entities, business associates and other related entities to notify respective agencies e.g. HHS, FTC and individuals affected in the event of a security breach involving unprotected health information that has been compromised.

ERM can assist your organization to comply with the HITECH Act in the following ways:

• Provide physical and logical security solutions for the control and security of health information assets by the development of a comprehensive security framework also including the utilization of the encryption technology.
• Assist in the security breach investigation, by helping you trace the attack and preserve evidence in the process. Electronic fraud investigation and E-crime expert support is our forte. ERM boasts of an exemplary past record in incident response support and security breach remediation.