The stimulus, by the way, is now called the American Recovery and Reinvestment Act. The part dealing with health IT is called Health Information Technology for Economic and Clinical Health (HITECH -- get it?).
In brief, the new act extends the definition of "covered entities" to include all those a physician's practice does business with -- lawyers, accountants, suppliers, etc.
So if you're handing your lawyer patient records (as in a malpractice suit) that exchange of data is now covered under HIPAA. They can't spread it around as part of your defense.
HITECH also tells all "covered entities" they have to notify authorities if data is lost. Previously only Arkansas and California had this requirement -- apparently everywhere else doctors were dropping laptops with patient data into trash cans and keeping it a secret.
Needless to say consultants (with dollar signs in their eyes) are in full hair on fire mode. The stim didn't include money for HIPAA compliance, but these folks are feeling plenty stimuluated nonetheless.
Even David Kibbe (friend of the blog) told a reporter this means small medical practices will "face additional costs for health IT implementation" as a result of all this.
Are you handing patient records to all and sundry? Are you giving them willy-nilly to your accountant, your lawyer, your suppliers? With names attached? Really?
I doubt it. If you are, shame on you. If not, you don't have much to worry about here. Don't start.
As to the notification requirements isn't that simple common sense? Lose your wallet and you're going to call the cops -- same with your patient records.
HIPAA is not an excuse not to automate. It simply provides the equivalent of a fiduciary duty on anyone dealing with someone else's personal, private medical records. Most of its provisions are simple common sense.
Even The HealthCare Blog, for which Kibbe writes, has not been at all hair-on-fire over the new rules.
They recently featured a piece by Margalit Gur-Arie saying doctors need to get on board with Electronic Health Records (crediting Kibbe for his help) and another Kibbe-Klepper piece warning that the present health care market is a bubble about to burst.
Nothing there about "don't automate or the HIPAA will get you."
Unfortunately an entire industry has developed over the last decade using HIPAA as an excuse to keep automation at bay, and now that industry is baying like mad.