« Your HITECH Quiz – “NO” is not an Answer
HITECH 101 for Benefits Consultants (and all BA’s) – Cliff Notes Version »

Before You Sign Your Carrier’s HITECH BA Agreements READ THIS!

On February 17th, 2009 President Obama signed the American Recovery and Reinvestment Act of 2009 (the stimulus bill).  A portion of the bill created the Technology for Economic and Clinical Health Act (HITECH).

HITECH substantially expands the existing HIPAA Privacy and Security Rules as the “enforcement hammer” of the law and substantially increases the penalties for violations of HIPAA.

The BA agreements/amendments that Carriers are asking brokers and consultants and others to sign – be they 1 page or 15  essentially ask you to state that your firm is in full compliance with the law and will remain so.

These changes include:

  • Apply the HIPAA privacy and security requirements directly to business associates (BA)
    • This includes detailed plans, procedures and actions to be fully documented and auditable
  • Create new privacy requirements for HIPAA covered entities (CE) and their BA’s
  • Establish mandatory federal breach reporting requirements for HIPAA covered entities and their BA’s
    • A “Tattle” rule has been created requiring BA’s to report their CE’s (clients and carriers) breaches
    • Local media notification is mandatory if a breach involves 500 or more lives
  • Allow the state Attorneys General to take legal action on privacy/security violations
  • Establish new criminal and civil penalties for noncompliance and new enforcement responsibilities.
Violation Penalty per Violation Maximum per Year
Tier A – Did not Know 100 25,000
Tier B – Reasonable cause, not willful neglect $1,000 100,000
Tier C – “Willful Neglect”, corrected $10,000 $250,000
Tier D – “Willful Neglect”, uncorrected $50,000 $1,500,000

So before you sign that agreement click here for a one page summary of what the HITECH law requires of a Business Associate.

I am sure you will find that your organization is not ready or even fully aware of your new responsibilities and liabilities.

The effective date for compliance is February 17, 2010.

We have a turnkey solution that is cost effective and covers both the administrative/policy compliance and encrypting your emails that transmit PHI.

Click here to contact us to and get a 30 minute demo of how our solutions can help you quickly get in compliance.

Explore posts in the same categories: Business

This entry was posted on January 8, 2010 at 1:26 pm and is filed under Business. You can subscribe via RSS 2.0 feed to this post's comments. You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.