NAHU Presentation on HIPAA HITECH – Broker To Do List

The Industry Radar HITECH Webinar is on Thurs, 1/28 – register here.

I knew if I looked hard enough I would find some useful information and advice for brokers and I did thanks to friend Janet Trautwein, NAHU’s CEO,  who pointed me to the webinar and slides that NAHU did for its members in November on this topic.

The slides can be accessed here

A recording of the webinar is here

The bottom line of course is that you need to take HITECH seriously and get compliant by 2/17/2010.

A to do list excerpted from the slides is below. A more complete and exhaustive list is here in HITECH 101 for Brokers:

Privacy Compliance Deadline: 2/17/2010 • Appoint a privacy official • Amend business associate agreements with group health plans to include additional required provisions • Cure your breaches of business associate agreements • Enter into business associate agreements with privacy safeguards by 2/17/2010 with any organization that provides data transmission services to you • Comply with new HITECH minimum necessary requirements effective 2/17/2010 (further HHS guidance expected by 8/17/2009) • Comply with changes to request for restriction rules • Comply with new marketing restrictions • Seek authorization prior to selling PHI for certain purposes (beginning no later than 2/17/2010, depending on when regulations are issued) Security Compliance Deadline: 2/17/2010: • Appoint a security official • Implement all HIPAA security administrative, technical and physical safeguards • Conduct a security risk analysis • Amend business associate agreements to include new security rules (as early as 9/15/2009 since that is the latest date the new breach notification rules will apply) • Enter into business associate agreement with security safeguards with any organization that provides data transmission services to you • Develop and maintain written security policies & procedures • Conduct privacy and security workforce training • Wait for HHS guidance (expected by 1/1/2010 and to be updated annually) regarding the most effective and appropriate technical safeguards and consider implementing • Implement technologies or methodologies that make PHI secure (from April 2009 these are “encryption or destruction”) • Comply with new notification rules for breach of unsecured PHI

The Industry Radar HITECH Webinar is on Thurs, 1/28 – register here.

Explore posts in the same categories: brokers, Employee Benefits, Healthcare, Healthcare Insurers, Healthcare Reform, Insurance

Tags: , , , , ,

You can comment below, or link to this permanent URL from your own site.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: