The Health Information Technology for Economic and Clinical Health Act (HITECH) brought some much-needed change to the Health Insurance Portability and Accountability Act (HIPAA). Along with providing incentives for adopting electronic health records (EHR) in the form of Meaningful Use, it also added teeth to the enforcement of HIPAA – specifically, the Privacy and Security Rules. HITECH also forced Business Associates to be covered by the same regulations. There’s more to securing PHI than just having a firewall and using strong passwords. While it’s true that electronic breaches have become more sophisticated, in many cases, a data breach can happen through human error, both inadvertent and intentional.
Important NACHC Library Content Note: This technical assistance resource was developed prior to the August 2017 release of the Health Center Compliance Manual by the Health Resources and Services Administration’s (HRSA) Bureau of Primary Health Care (BPHC). The BPHC Compliance Manual, issued August 2017, indicates where PINS, PALs and other program guidance are now superseded or subsumed by the BPHC Compliance Manual.
This project was supported by the Health Resources and Services Administration (HRSA) of the U.S. Department of Health and Human Services (HHS).