In brief, the new act extends the definition of "covered entities" to include all those a physician's practice does business with -- lawyers, accountants, suppliers, etc. HITECH also tells all "covered entities" they have to notify authorities if data is lost.
In brief, the new act extends the definition of "covered entities" to include all those a physician's practice does business with -- lawyers, accountants, suppliers, etc.
So if you're handing your lawyer patient records (as in a malpractice suit) that exchange of data is now covered under HIPAA. They can't spread it around as part of your defense.
HITECH also tells all "covered entities" they have to notify authorities if data is lost. Previously only Arkansas and California had this requirement -- apparently everywhere else doctors were dropping laptops with patient data into trash cans and keeping it a secret.
Needless to say consultants (with dollar signs in their eyes) are in full hair on fire mode. The stim didn't include money for HIPAA compliance, but these folks are feeling plenty stimuluated nonetheless.
Even David Kibbe (friend of the blog) told a reporter this means small medical practices will "face additional costs for health IT implementation" as a result of all this.
Are you handing patient records to all and sundry? Are you giving them willy-nilly to your accountant, your lawyer, your suppliers? With names attached? Really?
I doubt it. If you are, shame on you. If not, you don't have much to worry about here. Don't start.
As to the notification requirements isn't that simple common sense? Lose your wallet and you're going to call the cops -- same with your patient records.
HIPAA is not an excuse not to automate. It simply provides the equivalent of a fiduciary duty on anyone dealing with someone else's personal, private medical records. Most of its provisions are simple common sense.
Even The HealthCare Blog, for which Kibbe writes, has not been at all hair-on-fire over the new rules.