Health Information Technology for Economic and Clinical Health
What is HITECH?
Effective September 23, 2009, Health and Human Services (HSS) implemented the Health Information Technology for Economic and Clinical Health (HITECH) Act requiring covered entities under the Health Insurance Portability and Accountability Act (HIPAA) and their Business Associates to provide notification in the case of breaches of “unsecured Protected Health Information”(PHI). Guidelines specifying the methods that render PHI unusable, unreadable or indecipherable for relief from the breach notification requirement are also in the Act.
What does HITECH require?
A covered entity must notify each individual whose unsecured PHI has been believed to have been accessed, acquired, used or disclosed as a result of a breach. Should a reach involve more than 500 residents of a state, the covered entity must notify HSS and the media.
Business Associates (third-party administrators or service providers) requiring access to insecure PHI are also required to notify covered entities of breaches that occur while in their possession. Additionally, the Act stipulates that encryption of electronic PHI and physical destruction of paper PHI are the only two methodologies allowed for covered entities to be relieved of the breach notification requirement.
Why does HITECH matter?
Fines for non-compliance are expected to significantly increase over time. State Attorney Generals, the Federal Trade Commission and Health and Human Services all have mandates to prosecute with increased scrutiny. Putting PHI in the hands of shredding providers does not absolve covered entities from paying for costly and time-consuming breach notifications. Covered entities are not absolved until PHI is physically destroyed.
For more information about HITECH, please visit: Health Information Privacy
A partner in compliance.
With ISO 9001 Certified by NSF-ISR processes and over 30 years of experience, covered entities trust PROSHRED® to be an unparalleled extension of their organization to meet the HITECH Act requirements. We end breach notification fears immediately by destroying all PHI on-site at the client location.
PROSHRED® ensures the highest level of security and delivers professional, knowledgeable service at a cost-effective and environmentally conscious value.