What is HITECH? Is it a concern for CIOs?
What are the HIPAA Implications?
The Health Information Technology for Economic and Clinical Health (HITECH) Act requires organizations to be responsible for protecting patient records and health information. The Act extends the scope of privacy and security protections available under HIPAA, increases potential legal liability for non-compliance and provides more enforcement of HIPAA rules. The HITECH Act seeks to streamline healthcare and reduce costs through the use of health information technology, including the adoption of electronic health records.
A protected health information (PHI) data breach is any unauthorized use, access or disclosure of PHI that violates the HIPAA Privacy Rule and poses significant financial, reputational or other harmful risks to an individual.
The process for determining whether a breach has occurred:
- Determine whether there has been a violation of PHI under the Privacy Rule.
- Determine and document whether the violation compromises the security or privacy of the PHI in a manner that poses significant financial, reputational or other harmful risks to the individual.
- Determine whether the incident falls under one of the exceptions to the breach definition.
There are a number of considerations to help determine the risk involved. In a risk assessment, covered entities (CEs) will need to answer the following questions:
- Was information protected by encryption?
- Who used the information and to whom was the information disclosed?
- What immediate steps were taken to mitigate the violation by use or disclosure?
- Was the disclosed PHI returned prior to being accessed?
- What was the type and amount of PHI involved in the disclosure?
- What is the risk of re-identification of PHI contained in a limited data set?